
Inserting data from a form to MySQL using PDO and BindParameters

I am trying to insert data from a form into a MySQL database using PDO and bind parameters. I first attempted the insertion without PDO and bindParam, and the data was successfully taken from the form and inserted into the database, but that basic method was open to SQL injection. Now I am using the following (see code below) PDO and bindParam methods, but the data is not being inserted into my database.

Question: What am I doing wrong? Is there some syntax issue that isn't allowing me to insert data into the database?

<?php

$username = 'username';
$password = 'pass';
$host = 'localhost';
$dbname = 'db';

try {
    $dbh = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $stmt = $dbh->prepare("INSERT INTO table1 (issue, time, comments, lat, lng) VALUES (:issue, :time, :comments, :lat, :lng)");
    $stmt->bindParam(':issue', $issue);
    $stmt->bindParam(':time', $time);
    $stmt->bindParam(':comments', $comments);
    $stmt->bindParam(':lat', $lat);
    $stmt->bindParam(':lng', $lng);

    $stmt->execute();

    header("Location: main.php");
} catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
}
$dbh = null;

?>

EDIT: (still not working)

<?php

$username = 'username';
$password = 'pass';
$host = 'localhost';
$dbname = 'db';

try {
    $dbh = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    if (!isset($issue, $time, $comments, $lat, $lng)) {
        die('data set error;');
    }
    $stmt = $dbh->prepare("INSERT INTO table1 (issue, time, comments, lat, lng) VALUES (:issue, :time, :comments, :lat, :lng)");

    $params = array(':issue' => $issue,
        ':time' => $time,
        ':comments' => $comments,
        ':lat' => $lat,
        ':lng' => $lng);

    if (!$stmt->execute($params)) {
        print_r($stmt->errorInfo());
        die();
    }

    header("Location: main.php");
} catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
}
$dbh = null;

?>

Questions asking "to find a syntax issue" are off-topic here, as they produce but guesswork in the answers and will be no help for future readers. Unfortunately, it never takes enough votes to close such a question.

So, here goes a guesswork. Data variables you're trying to insert are nowhere defined.

Change your code to this:

<?php

$username = 'username';
$password = 'pass';
$host = 'localhost';
$dbname = 'db';

try {
    $dbh = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Stop here unless every value to insert has been assigned from the
    // submitted form data before this point.
    if (!isset($issue, $time, $comments, $lat, $lng)) {
        die('data set error;');
    }
    $stmt = $dbh->prepare("INSERT INTO table1 (issue, time, comments, lat, lng) VALUES (:issue, :time, :comments, :lat, :lng)");

    // Values are passed separately from the SQL text, keyed by placeholder name.
    $params = array(':issue' => $issue,
        ':time' => $time,
        ':comments' => $comments,
        ':lat' => $lat,
        ':lng' => $lng);

    // With ERRMODE_EXCEPTION a failed execute() throws PDOException, so this
    // branch is only a fallback.
    if (!$stmt->execute($params)) {
        print_r($stmt->errorInfo());
        die();
    }

    header("Location: main.php");
    exit; // end the script once the redirect header has been sent
} catch (PDOException $e) {
    echo "Error: " . $e->getMessage();
}
$dbh = null;
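
An added example, not code from the question or the answer: it takes the values out of the submitted form data, validates them, and passes them to the same prepared INSERT. It assumes the form posts fields named after the columns; `insertIssue` is a hypothetical helper, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Assumptions: POST field names match the column names, and
// SQLite (sqlite::memory:) replaces MySQL purely so this runs without a server.

function insertIssue(PDO $dbh, array $form): int
{
    // Read each value from the submitted data. The scripts above never
    // assigned $issue, $time, ... so there was nothing to insert.
    $params = [];
    foreach (['issue', 'time', 'comments', 'lat', 'lng'] as $f) {
        if (!isset($form[$f]) || !is_string($form[$f]) || $form[$f] === '') {
            throw new InvalidArgumentException("missing form field: $f");
        }
        $params[":$f"] = $form[$f];
    }
    // Coordinates must be numeric and within range; reject anything else.
    foreach ([':lat' => 90.0, ':lng' => 180.0] as $key => $max) {
        $v = filter_var($params[$key], FILTER_VALIDATE_FLOAT);
        if ($v === false || abs($v) > $max) {
            throw new InvalidArgumentException("invalid value for $key");
        }
        $params[$key] = $v;
    }
    $stmt = $dbh->prepare(
        'INSERT INTO table1 (issue, time, comments, lat, lng)
         VALUES (:issue, :time, :comments, :lat, :lng)'
    );
    $stmt->execute($params); // throws PDOException on failure
    return (int) $dbh->lastInsertId();
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE table1 (id INTEGER PRIMARY KEY, issue TEXT,
            time TEXT, comments TEXT, lat REAL, lng REAL)');

// Constructed sample input standing in for $_POST. The comments value holds
// quote and comment characters to show they are stored as plain data.
$post = ['issue' => 'pothole', 'time' => '2024-01-01 10:00:00',
         'comments' => "gate won't close'); -- see photo",
         'lat' => '53.35', 'lng' => '-6.26'];

$id = insertIssue($dbh, $post);
$check = $dbh->prepare('SELECT comments FROM table1 WHERE id = :id');
$check->execute([':id' => $id]);
var_dump($check->fetchColumn() === $post['comments']);
```

In the real script, pass `$_POST` as the second argument and use the MySQL DSN from the question.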
