0

i am getting the following error in terminal

127.0.0.1:36368 [500]: /create_account.php - Uncaught PDOException: SQLSTATE[21S01]: Insert value list does not match column list: 1136 Column count doesn't match value count at row 1 in /home/hue/social_network/classes/DB.php:10
Stack trace:
#0 /home/hue/social_network/classes/DB.php(10): PDOStatement->execute(Array)
#1 /home/hue/social_network/create_account.php(7): DB::query('INSERT INTO use...', Array)
#2 {main}
  thrown in /home/hue/social_network/classes/DB.php on line 10

Here is my php code:

    <?php
    include('classes/DB.php');
    if (isset($_POST['createaccount'])) {
            $username = $_POST['username'];
            $password = $_POST['password'];
            $email = $_POST['email'];
            DB::query('INSERT INTO users VALUES (:username, :password, :email)', 
array(':username'=>$username, ':password'=>$password, ':email'=>$email));
            echo "Success!";
    }
    ?>

    <h1>Register</h1>
    <form action="create_account.php" method="post">
    <input type="text" name="username" value="" placeholder="Username ..."><p />
    <input type="password" name="password" value="" placeholder="Password ..."><p />
    <input type="email" name="email" value="" placeholder="someone@somesite.com"><p />
    <input type="submit" name="createaccount" value="Create Account">
    </form>

db class:

<?php
class DB {
        private static function connect() {
                $pdo = new PDO('mysql:host=127.0.0.1;dbname=social_network;charset=utf8', 'root', 'helloworld');
                $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                return $pdo;
        }
        public static function query($query, $params = array()) {
                $statement = self::connect()->prepare($query);
                $statement->execute($params);
                // $data = $statement->fetchAll();
                // return $data;
        }
}

i tried to INSERT values for id : ":id" and "\'\'" , but nothing change. my id field is auto_increment

Alexandr Krivosheev
  • 63
  • 4
  • 3
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Feb 06 '17 at 19:22
  • **WARNING**: Writing your own access control layer is not easy and there are many opportunities to get it severely wrong. Please, do not write your own authentication system when any modern [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/) comes with a robust [authentication system](https://laravel.com/docs/5.3/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text**. – tadman Feb 06 '17 at 19:23

1 Answers1

4

Unless you're inserting all columns you need to specify which ones you're using:

INSERT INTO users (username, password, email) VALUES (:username, :password, :email)

You're omitting the column specification, so the default likely includes id and a bunch of other things.

Also before you go and write your own ORM accidentally keep in mind there are several out there that are feature-complete, battle-tested, and documented: Doctrine, Propel and Eloquent are just a few examples.

tadman
  • 208,517
  • 23
  • 234
  • 262