0

I'm trying to connect to a localhost but keep getting the error stated:

Failed to run query: SQLSTATE[HY093]: Invalid parameter number: parameter was not defined

I get this error after I add my details into the REGISTER form and post it to index.php I can't see anything wrong with my code and as far as I can see parameters are all correct(obviously not though)

The desired behavior is for the query to execute properly.

INDEX.php

require("config.inc.php");

//if posted data is not empty
if (!empty($_POST)) {

    if (empty($_POST['username']) || empty($_POST['password'])) {



        $response["success"] = 0;
        $response["message"] = "Please Enter Both a Username and Password.";


        die(json_encode($response));
    }

    $query        = " SELECT 1 FROM users WHERE username = :username";
    $query_params = array(
        ':user' => $_POST['username']
    );

    try {
        $stmt   = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch (PDOException $ex) {
        die("Failed to run query: " . $ex->getMessage());

        $response["success"] = 0;
        $response["message"] = "Database Error. Please Try Again!";
        die(json_encode($response));
    }


    $row = $stmt->fetch();
    if ($row) {
        die("This username is already in use");
        $response["success"] = 0;
        $response["message"] = "I'm sorry, this username is already in use";
        die(json_encode($response));
    }

    $query = "INSERT INTO users ( username, password ) VALUES ( :username, :password ) ";

    $query_params = array(
        ':username' => $_POST['username'],
        ':password' => $_POST['password']
    );

    try {
        $stmt   = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch (PDOException $ex) {
        die("Failed to run query: " . $ex->getMessage());
        $response["success"] = 0;
        $response["message"] = "Database Error. Please Try Again!";
        die(json_encode($response));
    }

    $response["success"] = 1;
    $response["message"] = "Username Successfully Added!";
    echo json_encode($response);


} else {
?>
    <h1>Register</h1> 
    <form action="index.php" method="post"> 
        Username:<br /> 
        <input type="text" name="username" value="" /> 
        <br /><br /> 
        Password:<br /> 
        <input type="password" name="password" value="" /> 
        <br /><br /> 
        <input type="submit" value="Register New User" /> 
    </form>
    <?php
}
Tom Tom
  • 3,680
  • 5
  • 35
  • 40
user3849188
  • 13
  • 3

1 Answers1

2

Those lines are wrong

$query        = " SELECT 1 FROM users WHERE username = :username";
$query_params = array(
    ':user' => $_POST['username']
);

:user doesn't match :username

Tom Tom
  • 3,680
  • 5
  • 35
  • 40