Data not inserting into database when using pdo

Question

i am learning pdo and i tried to play with CRUD method. I am trying to insert data into database using pdo but it isn't inserting. Below is my code

        <?php 
    $username = $_POST['username'];
$password = password_hash($_POST['password'], PASSWORD_BCRYPT ));
try {
    $query = $connect->prepare("INSERT INTO users(username, password) VALUES(?,?)");
        $query->execute(array($username, $password));
        echo "data";
    }
    catch (PDOException $event) {
        echo $event->getMessage();
    }
    ?>

i have this index file named as index.php

<?php 
require_once 'db.php';
session_start();
session_regenerate_id();
?>
<!DOCTYPE html>
<html>
<head>
  <title>Sign-Up/Login Form</title>
</head>
<?php
if ($_SERVER['REQUEST_METHOD'] == '$_POST') {
    if (isset($_POST['login'])) {
        require 'login.php';
    }
    elseif (isset($_POST['register'])) {
        require 'register.php';
    }
}
?>
<body>
    <form action="index.php" method="POST">
        <input type="text" name="username">
        <input type="password" name="password">
        <input type="submit" name="register" value="Submit">
    </form>
</body>
</html>

my db.php looks like

<?php 
try {
$connect = new PDO('mysql:dbname=pdologin;host=localhost', 'root', '$$$$'); 
$connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (Exception $event) {
    $event->getMessage();

}
?>

Answer 1

The problem is that your code never reaches your require scripts ( login.php or register.php ) because your conditional is incorrect.

You have: if ($_SERVER['REQUEST_METHOD'] == '$_POST')

It should be if ($_SERVER['REQUEST_METHOD'] == 'POST')

Answer 2

connect first

$connect = mysqli_connect("localhost","root","root","my_db");

then remove the parameters when executing

$query->execute();

try this

   <?php 
    $connect = mysqli_connect("localhost","root","root","my_db");
    $username = $_POST['username'];
    $password = password_hash($_POST['password'], PASSWORD_BCRYPT );
    try {
        $query = $connect->prepare("INSERT INTO users(username, password) VALUES('$username', '$password')");
        $query->execute();
    }
    catch (PDOException $e) {
        echo $e->getMessage();
    }
    ?>

Answer 3

You're going to end up with something like below while learning or doing some small script that will need a connection, in the long run wrapping this stuff in a function or using a small helper or framework can make this a little easy. Great idea to learn but its still tedious boiler plate no matter how many years you write this stuff.

<?php
//db settings that are typically in a config somewhere
$db_servername = "localhost";
$db_username = "username for your database";
$db_password = "password for your database";
$db_name = "your_db_name";        

try {
    $connect = new PDO("mysql:host=$db_servername;dbname=$db_name, $db_username, $db_password");
    // set the PDO error mode to exception
    $connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    //echo "Connected successfully";
 }catch(PDOException $e){
    //echo "Connection failed: " . $e->getMessage();
 }
 $sth = $connect->prepare("INSERT INTO users(username, password) VALUES(:username,:password)");

 $username = $_POST['username'];
 $password = password_hash($_POST['password'], PASSWORD_BCRYPT );

 $sth->bindValue(':username', $username, PDO::PARAM_STR);
 $sth->bindValue(':password', $password, PDO::PARAM_STR);
 $sth->execute();

as a example my team now just writes database binding code like

<?php
//array of ids to insert
$binds['ids'] = array(1,3,4,5,6,7,9,08098);
//Database class is auto included with every script
$success = Database::query('insert into my_table (id) values(:ids)',$binds);