<?php
try
{
$con = new PDO("mysql:host = localhost;dbname=nannu","root","");
if(isset($_POST['login']))
{
$name = $_POST['name'];
$password = $_POST['password'];
$email = $_POST['email'];
$date = $_POST['date'];
$month = $_POST['month'];
$year = $_POST['year'];
$insert = $con->prepare(" INSERT INTO details (name,password,email,date,month,year)VALUES (':name',':password',':email',':date',':month',':year')");
$insert->bindParam (':name',$name);
$insert->bindParam (':password',$pass);
$insert->bindParam (':email',$email);
$insert->bindParam (':date',$date);
$insert->bindParam (':month',$month);
$insert->bindParam (':year',$year);
$insert->execute();
}
}
?>
Asked
Active
Viewed 63 times
0
aynber
- 22,380
- 8
- 50
- 63
SaNdeep Rao
- 1
- 1
-
Your question is incomprehensible. Please reframe it. – Yusuf Hassan May 23 '17 at 18:30
-
3Don't quote your placeholders. Otherwise it will think it's just a string. – aynber May 23 '17 at 18:30
-
What are you really asking. Please state clearly so that, we can understand what is the question actually – Shajibur Rahman May 23 '17 at 18:32
-
1**Never** store plain text passwords. You should use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php) instead. If you're using a version of PHP prior to 5.5, do **not** use MD5 or SHA1 to hash passwords. Instead you can use [this compatibility pack](https://github.com/ircmaxell/password_compat). – Alex Howansky May 23 '17 at 18:35
1 Answers
0
This is happening because you have single quotes around the placeholder so it's treating them as string literals. Simply remove the single quotes and you should be good to go barring any other issues.
<?php
try
{
$con = new PDO("mysql:host = localhost;dbname=nannu","root","");
if(isset($_POST['login']))
{
$name = $_POST['name'];
$password = $_POST['password'];
$email = $_POST['email'];
$date = $_POST['date'];
$month = $_POST['month'];
$year = $_POST['year'];
$insert = $con->prepare(" INSERT INTO details (name,password,email,date,month,year)VALUES (:name,:password,:email,:date,:month,:year)");
$insert->bindParam (':name',$name);
$insert->bindParam (':password',$pass);
$insert->bindParam (':email',$email);
$insert->bindParam (':date',$date);
$insert->bindParam (':month',$month);
$insert->bindParam (':year',$year);
$insert->execute();
}
}
?>
EDIT
Thank you for using PDO and properly binding your parameters. You won't believe how many times people directly inject request parameters into their statements. Good job!
EDIT #2
Are you triple sure the variables you're binding with have values. Maybe unrelated but read this: https://stackoverflow.com/a/5077108/296555. Also, you're using your $password variable as $pass.
Example 1
<?php
try
{
$con = new PDO("mysql:host = localhost;dbname=nannu","root","");
if(isset($_POST['login']))
{
$name = $_POST['name'];
$password = $_POST['password'];
$email = $_POST['email'];
$date = $_POST['date'];
$month = $_POST['month'];
$year = $_POST['year'];
// Used single quotes to wrap statement and using named placeholders
$insert = $con->prepare('INSERT INTO details (name, password, email, date, month, year) VALUES (:name, :password, :email, :date, :month, :year)');
// Params passed in to execute method
$insert->execute(array(
':name' => $name,
':password' => $password,
':email' => $email,
':date' => $date,
':month' => $month,
':year' => $year
));
}
}
?>
Example 2
<?php
try
{
$con = new PDO("mysql:host = localhost;dbname=nannu","root","");
if(isset($_POST['login']))
{
$name = $_POST['name'];
$password = $_POST['password'];
$email = $_POST['email'];
$date = $_POST['date'];
$month = $_POST['month'];
$year = $_POST['year'];
// Used single quotes to wrap statement and using anon placeholders
$insert = $con->prepare('INSERT INTO details (name, password, email, date, month, year) VALUES (?, ?, ?, ?, ?, ?)');
// Params passed in to execute method
$insert->execute(array(
$name,
$password,
$email,
$date,
$month,
$year
));
}
}
?>
waterloomatt
- 3,662
- 1
- 19
- 25
-
i removed quotes from placeholder and even try using all possible ways but it either store in database fields like :name,email, etc of the fields will be empty – SaNdeep Rao May 24 '17 at 05:16
-
$sql = $con->prepare("INSERT INTO pdo_check (name, password, email,date,month,year) VALUES (? ,? ,? , ?, ?,?)"); $sql->bindParam('name', $name); $sql->bindParam('password', $password); $sql->bindParam('email', $email); $sql->bindParam('date', $date); $sql->bindParam('month', $month); $sql->bindParam('year',$year); $sql->execute(); i have also try this one also chage the db name – SaNdeep Rao May 24 '17 at 05:20
-
A couple of questions. Is that the full code you pasted? Not doing anything to the params between defining them and the execute statement? I'll edit my answer to show you another way to execute it. Try it and let us know. – waterloomatt May 24 '17 at 12:16
-
dear sir thank you all of you i got it fixed but just want to ask one thing that while using PDO and bindParam whenever i use insert into () values instead of INSERT INTO () VALUES () i didnt get any values in db but there is no such problem while not using PDO and bindParam sorry if that was a silly question – SaNdeep Rao May 25 '17 at 19:34
-
$sql = ("INSERT INTO table() VALUES ( )"); $sql = ("insert into table() values ( )"); the second one not even show me any error but the problem is the value not inserted in db – SaNdeep Rao May 25 '17 at 21:57
-
-