0

Here I am trying to insert into db without sql injection. Things are ok as per me still not getting inserted into table:

$email = $_POST['email'];
$uname = $_POST['name'];
$myid = $_POST['myid'];

$user='root';
$pass='root';
$dbh = new PDO('mysql:dbname=test;host=127.0.0.1:3306', $user, $pass);
$stmt = $dbh->prepare('INSERT INTO user_record (id,uname,email) VALUES (:id, :uname, :email)');
$stmt->bindParam(':uname', $uname);
$stmt->bindParam(':id', $myid);
$stmt->bindParam(':email', $email);

$stmt->execute();

Can someone point what's wrong.

  • 1
    Hard to say what's going on without an error message or detail about what is wrong or what you've tried. – NotMe Oct 16 '13 at 17:29
  • http://stackoverflow.com/a/3726526/285587 – Your Common Sense Oct 16 '13 at 17:30
  • @ChrisLively: No error. But when i see in table. data does not get inserted@ –  Oct 16 '13 at 17:30
  • Are you sure it's actually hitting the table you expect? Have you tried running that insert query directly to see what error, if any, has occurred? Have you tested the result from the `$stmt->execute();` code to see if it's a true or false? One way to get the error back would be to call `$dbErr = $stmt->errorInfo();` immediately after the execute. I could certainly see this failing if `id` was an auto increment field... – NotMe Oct 16 '13 at 17:34
  • @ChrisLively care to click a link above? – Your Common Sense Oct 16 '13 at 17:35
  • @YourCommonSense: Not really; but you might elaborate here, to the OP, why that link is pertinent. – NotMe Oct 16 '13 at 17:36

1 Answers1

-1
 new PDO('mysql:host=127.0.0.1:3306;dbname=test', $user, $pass);

First comes the host after comes the db.

Mihai
  • 26,325
  • 7
  • 66
  • 81