-3

I'm creating a website and I want to insert data into a phpMyAdmin table from a form (method="post"). It didn't work: I'm connected to the database, but when I type stuff in my form it's not inserted in the table. Here's my PHP part:

```php
<?php
$hostname = 'localhost';
$username = 'root';
$password = '';
try {
    $conn = new PDO("mysql:host=$hostname;dbname=Database", $username, $password);
    echo 'Connected to database';
}
catch(PDOException $e)
{    
    echo $e->getMessage();
}
$nom = $_POST['nom'];
$prenom =$_POST['prenom'];
$email = $_POST['email'];
$password = $_POST['password'];
$type = $_POST['type'];
$sql = "INSERT INTO client (nom, prenom, email,password,type)
                    VALUES ($nom, $prenom, $email, $password , $type)"; 
}
$conn->connection = null;
?>
```
RiggsFolly
Darkimo
  • You are missing quotes around your values, but better yet use prepared statements. Also, you are not running that query anywhere – Mihai Jan 24 '17 at 12:35
  • Where did you learn this? There's no point in using PDO if you're not gonna use prepared statements – Masivuye Cokile Jan 24 '17 at 12:36
  • Also, writing a query in a text literal does not pass it to the database for execution. [RTM](http://php.net/manual/en/book.pdo.php) – RiggsFolly Jan 24 '17 at 12:37
  • And some sensible code indentation allows you and us to actually read the code. ___And see unnecessary `}` symbols___ – RiggsFolly Jan 24 '17 at 12:38
  • Oh and `phpMyAdmin` is a tool written in PHP. `MYSQL` is a database management system – RiggsFolly Jan 24 '17 at 12:39
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jan 24 '17 at 12:43
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Jan 24 '17 at 12:51

1 Answer

1

I'm not gonna comment much; there's still a lot of learning and practice that you need to do. Please take your time and go through this blog, read and practice from it, do not rush, take your time: https://phpdelusions.net/pdo

Your code should look similar to the one below:

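```php
<?php
$hostname = 'localhost';
$username = 'root';
$password = '';
try {
    $conn = new PDO("mysql:host=$hostname;dbname=Database", $username, $password);
    // Make PDO throw exceptions on SQL errors instead of failing silently
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e) {
    // Log the details server-side and stop: $conn does not exist past this point
    error_log($e->getMessage());
    exit('Database connection failed');
}

$nom      = $_POST['nom'];
$prenom   = $_POST['prenom'];
$email    = $_POST['email'];
// Store a hash, never the plain-text password; hash the raw value as submitted
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$type     = $_POST['type'];

try {
    // Placeholders keep the submitted values out of the SQL text
    $sql = "INSERT INTO client (nom, prenom, email, password, type) VALUES (?,?,?,?,?)";

    $stmt = $conn->prepare($sql);
    // The values are bound to the placeholders in order when the statement runs
    if ($stmt->execute(array(
        $nom,
        $prenom,
        $email,
        $password,
        $type
    ))) {
        echo "Data inserted";
    } else {
        echo "could not insert";
    }
}
catch (Exception $ex) {
    error_log($ex->getMessage());
}
?>
```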
Masivuye Cokile
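
The comments on the question recommend prepared statements and `password_hash()`; the following added example (not code from the question or the answer) combines both and shows the effect on input containing quote characters. It assumes the `pdo_sqlite` extension so it can run offline against an in-memory database; the helper names `registerClient` and `checkLogin` and all sample values are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database (assumption),
// with a table shaped like the `client` table from the question.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE client (nom TEXT, prenom TEXT, email TEXT UNIQUE, password TEXT, type TEXT)');

// Hypothetical helper: insert one client, storing only a password hash.
function registerClient(PDO $conn, array $form): void
{
    // Hash the raw password exactly as submitted (no escaping or trimming).
    $hash = password_hash($form['password'], PASSWORD_DEFAULT);
    $stmt = $conn->prepare(
        'INSERT INTO client (nom, prenom, email, password, type) VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->execute([$form['nom'], $form['prenom'], $form['email'], $hash, $form['type']]);
}

// Hypothetical helper: check a login attempt against the stored hash.
function checkLogin(PDO $conn, string $email, string $password): bool
{
    $stmt = $conn->prepare('SELECT password FROM client WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed form data: `nom` carries quote and comment characters that
// would change the meaning of the concatenated query from the question.
$form = [
    'nom'      => "O'Brien'); DROP TABLE client; --",
    'prenom'   => 'Robert',
    'email'    => 'robert@example.com',
    'password' => "p@ss'word\"<1>",
    'type'     => 'standard',
];
registerClient($conn, $form);

$row = $conn->query('SELECT nom, password FROM client')->fetch(PDO::FETCH_ASSOC);
var_dump($row['nom'] === $form['nom']);           // stored as plain data, table intact
var_dump($row['password'] !== $form['password']); // only the hash is stored
var_dump(checkLogin($conn, 'robert@example.com', $form['password'])); // correct password
var_dump(checkLogin($conn, 'robert@example.com', 'wrong'));           // wrong password
```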