Inserting into database using a PDO

Question

I'm trying to insert data into a database that I have on my server.

To connect to my database I have the following code:

<?php
$host = "/homes/49/jc192699/public_html/dbase/";
$database = "EduPro.db";
$dbhandle = new PDO("sqlite:".$host.$database);

try {
    $dbhandle = new PDO("sqlite:".$host.$database);

} catch (PDOException $e) {

echo 'Connection failed: ' . $e->getMessage();
}
?> 

and this all works fine! I have included this into my code so that is not the issue.

Here is my code for inserting data into the database:

<?php

$sql = "INSERT INTO USERS (`userName`, `password`) VALUES (`test, `testy`)";
  if ( $fetched = $dbhandle->query($sql)){
  $fetched->execute(PDO::FETCH_BOTH);
  echo "Success!";
  }

  else {
echo "Fail.";
}

?>

It is not inserting the data into the database for some reason. I know that the SQL statement is 100% correct as I have tested it elsewhere.

Can anyone help me?

Answer 1

you are opening two database connection. change your code to

$host = "/homes/49/jc192699/public_html/dbase/";
$database = "EduPro.db";
try {
    $conn = new PDO("sqlite:".$host.$database);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

you should not use backquote instead using single quote in your query. and also column should not have any quotes.

try {
    $sql = "INSERT INTO USERS (userName, password) VALUES ('test', 'testy')";
    $sth = $conn->query($sql);
} catch(PDOException $e) {
    echo $e->getMessage();
}

to fetch the records you need to use this

try {
    $sth = $conn->query('SELECT * FROM USERS');
    $rows = $sth->fetchAll(PDO::FETCH_ASSOC);
    //$rows contains the fetched records in an associative array
    var_dump($rows);
} catch(PDOException $e) {
    echo $e->getMessage();
}

learn more about PDO here http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

Answer 2

Why are you back-ticking the values? Try just single quotes:

$sql = "INSERT INTO USERS (userName, password) VALUES ('test', 'testy')";

Also, check your PHP error log, it may give you some insight.

And according to the docs , I believe you have to use exec() vs query() , for doing non-select queries such as inserting, updating, and deleting. If you plan on passing in variables to the $sql variable, you should also read up on prepare .

Answer 3

Here are some syntax rules to follow:

The SQL query must be quoted in PHP String values inside the SQL query must be quoted Numeric values must not be quoted The word NULL must not be quoted

 If(isset($_POST['submit'])) {

$stmt = $db->prepare("INSERT INTO usersdata (Firstname, Lastname, 
Email,Passward)
VALUES (:name, :lstname, :email,:pass)");

// inserting a record

then Bind the Values with your variables it will work

Answer 4

For a better-secured Database data insertion into the database, I believe your code should look more like this.

// First make your Database connections like so.
$host = "/homes/49/jc192699/public_html/dbase/";
$database = "EduPro.db";
try {
    $conn = new PDO("sqlite:".$host.$database);
} catch (PDOException $e) {
    echo 'Connection error: ' . $e->getMessage();
}

//then next we make the data insertion using a prepared statement.
// Try to insert the data to the database

try {
    $username = "test";
    $password = "testy";

    $sql = "INSERT INTO USERS (userName, password) VALUES ('test', 'testy')";
    $sth = $conn->query($sql);

    $stmt = $db->prepare("INSERT INTO usersdata (userName, password) VALUES (:uname, :pass)");
    $stmt->bindParam(':uname', $username);
    $stmt->bindParam(':pass', $password);
    $stmt->execute();

    echo "Data inserted "; //Just get a success message

} catch(PDOException $e) {
    echo $e->getMessage();
}