问题
After sanitizing and validation, which works fine. I tried inserting data into my database but it keeps saying error: "Sorry, we were not able to sign you up... Refill the form properly"
$qry = "INSERT INTO users (email, firstName, surname, userName, password, userDOB) values (?, ?, ?, ?, ?, ?)";
$q = $conn->prepare($qry) or die("ERROR: " . implode(":", $conn->errorInfo()));
$q->bindParam(1, $email);
$q->bindParam(2, $name);
$q->bindParam(3, $surname);
$q->bindParam(4, $username);
$q->bindParam(5, $password);
$q->bindParam(6, $userDOB);
$q->execute();
if(!$q->execute()) {
echo "<h1> Sorry, we were not able to sign you up... Refill the form properly </h1>";
}
else {
echo "<h1> Congratulations, $name ! You have been successfully signed up! </h1>";
}
Any help that will make this work would be greatly appreciated.
回答1:
Not sure if it's the issue, but you are calling execute()
twice.
Anyway, your only problem is lack of error reporting. Enable it and run every operator only once:
error_reporting(E_ALL);
ini_set('display_errors', 1);
$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sql = "INSERT INTO users (email, firstName, surname, userName, password, userDOB)
values (?, ?, ?, ?, ?, ?)";
$stm = $conn->prepare($sql));
$stm->execute([$email,$name,$surname,$username,$password,$userDOB]);
if ($stm->rowCount())
{
echo "<h1> Sorry, we were not able to sign you up... Refill the form properly </h1>";
} else {
echo "<h1> Congratulations, $name ! You have been successfully signed up! </h1>";
}
回答2:
Thank you guys a whole lot. It works, but is this best practice to write this code and to also avoid SQL Injection?
try {
$conn = new PDO('mysql:host=localhost; dbname=userdetails', 'root', '');
$conn->setAttribute(PDO:: ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo 'Connected!';
}
catch(PDOException $pe) {
echo('Connection error, because: ' .$pe->getMessage());
}
//Insert data to Database if values are not empty and sanitized
if (!empty($_POST["firstName"]) && !empty($_POST["surname"]) && !empty($_POST["email"])
&& !empty($_POST["userName"]) && !empty($_POST["password"]) && $dob_day > 0 && $dob_month > 0 && $dob_year > 0)
{
$qry = "INSERT INTO users (email, firstName, surname, userName, password, birthday) values (?, ?, ?, ?, ?, ?)";
$q = $conn->prepare($qry) or die("ERROR: " . implode(":", $conn->errorInfo()));
$q->bindParam(1, $email);
$q->bindParam(2, $name);
$q->bindParam(3, $surname);
$q->bindParam(4, $username);
$q->bindParam(5, $password);
$q->bindParam(6, $userDOB);
try {
$q->execute();
echo "<h1> Congratulations, $name ! You have been successfully signed up! </h1>";
}
catch(PDOException $pe) {
echo('Connection error, because: ' .$pe->getMessage());
}
}
来源:https://stackoverflow.com/questions/19573346/cant-insert-data-into-database-using-pdo