2

I'm having trouble with php script that I've created to insert instances into a database, however I'm getting a trivial output and i dont know how to fix it. the code is:

<?php

    try{
        $user = 'root';
        $pass = null;
        $pdo = new PDO('mysql:host=localhost; dbname=divebay', $user, $pass);

        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $username = $_POST['username'];
        $password = sha1($_POST['password']);
        $location = %_POST['location'];
        $email = $_POST['email'];
        $name = $_POST['fname'] . " " . $_POST['surname'];

        $check = $pdo->prepare('SELECT * FROM user WHERE username=?');
        $check->bindValue(1, $username);
        $check->execute();

        if($check->fetch(PDO::FETCH_OBJ)){
            echo "Account name already exists";
        }
        else{

            $stmt = $pdo->prepare('INSERT INTO user(username, password, location, email, name)
                                  VALUES(:username, :password, :location, :email, :name)');
            $stmt->bindParam(':username', $username, PDO::PARAM_STR);
            $stmt->bindParam(':password', $password, PDO::PARAM_STR);
            $stmt->bindParam(':location', $location, PDO::PARAM_STR);
            $stmt->bindParam(':email', $email, PDO::PARAM_STR);
            $stmt->bindParam(':name', $name, PDO::PARAM_STR);

            if($stmt->execute()){
                echo "Account created";
            }
            else{
                echo "Account could not be created";
            }
        }

        $pdo = null;

    }catch(PDOException $e){
        echo $e->getMessage();
    }


?>

i would expect the output to be something like "Account created". Instead the output I'm getting this error:

setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $username = $_POST['username']; $password = sha1($_POST['password']);
$location = %_POST['location']; $email = $_POST['email']; $name = $_POST['fname'] . " " . $_POST['surname']; $check = $pdo->prepare('SELECT * FROM user WHERE username=?');
$check->bindValue(1, $username); $check->execute();
if($check->fetch(PDO::FETCH_OBJ)){ echo "Account name already exists"; } else{ $stmt = $pdo->prepare('INSERT INTO user(username, password, location, email, name) VALUES(:username, :password, :location, :email, :name)'); $stmt->bindParam(':username', $username, PDO::PARAM_STR); $stmt->bindParam(':password', $password, PDO::PARAM_STR);
$stmt->bindParam(':location', $location, PDO::PARAM_STR);
$stmt->bindParam(':email', $email, PDO::PARAM_STR);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
if($stmt->execute()){ echo "Account created"; } else{ echo "Account could not be created"; } } $pdo = null; }catch(PDOException $e){ echo $e->getMessage(); } ?>

whats going wrong with this script to cause this?

Luuklag
  • 3,897
  • 11
  • 38
  • 57
Bundy
  • 717
  • 3
  • 12
  • 23
  • 3
    Is PHP enabled on your server? What happens if you access a PHP file containing only `` ? – Dai Jul 30 '12 at 04:03
  • Also, go through your past questions and accept answers. Your accept-rate is only 14% and very low. Some people might not give you answers because of this. – Dai Jul 30 '12 at 04:04
  • @LiamWarnes Chewckif PDO is enabled or not – swapnesh Jul 30 '12 at 04:07
  • @David i think it is phpinfo() gives me a bunch of tables displaying version information etc – Bundy Jul 30 '12 at 04:10
  • is the above file named *.php? –  Jul 30 '12 at 04:16
  • @swapnesh i attempted to check by adding if(extension_loaded('pdo'){ before the try block with an else{ echo "php not loaded" but the output remains the same so i assume php is enabled? – Bundy Jul 30 '12 at 04:16
  • Do you have a close tag before `setAttribute`? like `$pdo-?>` – Musa Jul 30 '12 at 04:21
  • @LiamWarnes and others just for a query is it correct ??? $pass = null; or you want to have $pass = ''; <-- for a blank password – swapnesh Jul 30 '12 at 04:27
  • 1
    Can't see how this would result in the php code being outputted but you seem to have an typo here `$location = %_POST['location'];` with the % instead of $ – Cleric Jul 30 '12 at 04:43

3 Answers3

2

The only way you'd get that output is if you had written:

$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

as:

$pdo?>setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

by mistake.

Hamish
  • 22,860
  • 8
  • 53
  • 67
  • perhaps, but the code block is copied directly from notepad++ so this is not the case – Bundy Jul 30 '12 at 04:32
  • Is the output you posted above what you see in a browser, or is it the raw string response (e.g. from a view-source view)? – Hamish Jul 30 '12 at 09:19
2

YOU HAVE a % INSTEAD OF $ on %_POST['location']

RECOMMENDATION: Also I HIGHLY recommend wrapping the PDO functions into a class. Here is what I use personally in every single project:

save this to it's own file (ex:sql.class.php)

<?php 

class SqlIt{
    public $Sql;
    public $Response;
    private $Host;
    private $DBname;
    private $User;
    private $Pass;
    public $NumResults;

    public function __construct($Sql, $type, $vars){
        if($vars == ""){
            $vars = array();
            }
        try{
        $DB = $this->db_connect();
        $DB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $STH = $DB->prepare($Sql);
            $doit = $STH->execute($vars);
            $this->Result = $doit;
            }
        catch(PDOException $e){
            echo $e->getMessage();
            }
        //find function to run
        switch($type){
            case 'select':
                $this->select($STH);
                break;
            }
        }

    public function select($query){
            $rows = $query->rowCount();
            $this->NumResults = $rows;
            while($row = $query->fetchObject()){
                $this->Response[] = $row;
            }
        }

    //create a separate function for connecting to DB. Private to only this class.
    private function db_connect(){
        $this->User = 'root';
        $this->Pass = '';
        $DBH = new PDO("mysql:host=localhost;dbname=divebaby", $this->User, $this->Pass);
        return $DBH;
        }
    }

?>

Then to actually run the statement you placed above you simply right the following code:

$username = $_POST['username'];
$password = sha1($_POST['password']);
$location = $_POST['location'];
$email = $_POST['email'];
$name = $_POST['fname'] . " " . $_POST['surname']; 


$getUser = new SqlIt("SELECT * FROM user WHERE username=?","select",array($username));

    if($getUser){ 
        echo 'Account name already exists';
    }else{
        $insertUser = new SqlIt("INSERT INTO user (username,password,location,email,name) VALUES (?,?,?,?,?)","insert",array($username,$password,$location,$email,$name));

       if($insertUser){ 
           echo 'Account created!';
       }else{
           echo 'Account not created.';
       }
luv2code
  • 1,216
  • 6
  • 22
  • 42
1

Missing <?php at the beginning of one of your pages that contains that code with the first line of setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

Matt Lo
  • 5,442
  • 1
  • 21
  • 21