PHP PDO - INSERT INTO with bindParam does not work

Question

I stucked at this little piece of code:

$fruit_object = new fruit(1234, 'apple', 'red apple');    

try {
    $dbh = new PDO('mysql:host=localhost;charset=utf8;dbname=database', 'user', 'password');
    $exc = $dbh->prepare("INSERT INTO fruit( type, name) VALUES (:type, :name);");                               
    //$exc->bindParam(':id',   $fruit_object->id,   PDO::PARAM_INT);
    $exc->bindParam(':type', $fruit_object->type, PDO::PARAM_STR);
    $exc->bindParam(':name', $fruit_object->name, PDO::PARAM_STR);
    $exc->execute();
    $dbh = null;
    $exc = null;
} catch (PDOException $e) {
    //this function just do an echo with static content
    $this->error_database($e);
    $dbh = null;
    $exc = null;
    die();
}

I already used PDO for SELECTING things from my database, but with INSERTING something, it does not work. The user has the access to only INSERT stuff - i already tried that on my backend successfully.

So here is the error:

Fatal error: Uncaught Error: Cannot access private property fruit_object::$type

This is my fruit_object class:

<?php


class fruit
{
private $id;
private $type;
private $name;

function __construct($id, $type, $name)
{
    $this->id = $id;
    $this->type = $type;
    $this->name = $name;

}

function __toString()
{
    return $this->name;
}
}

For martin:

INSERT INTO fruit (id, type, name) VALUES (DEFAULT, 'apple', 'red apple');

My database is running on a MySQL server - is this the cause ? Do i have to work with questionmarks (?)?

Thank you, Louis

PDO does only throw exceptions when you instruct it to ... did you do that? If not, go research it. — CBroe, Aug 11 '17 at 11:18
If you're inserting an ID into an auto increment field and you've already inserted then it will cause a MySQL error (dupliate A_I field value) — Martin, Aug 11 '17 at 11:21
Yeah i know that, I am using the DEFAULT keyword in my real statement. — , Aug 11 '17 at 11:22
There is a SQL keyword 'DEFAULT' which automaticly counts the ID up. — , Aug 11 '17 at 11:23
it that case, INSERT INTO fruit (type, name) VALUES ( 'apple', 'red apple'); — Michael GEDION, Aug 11 '17 at 11:35
You need to edit your question and at the bottom show us the structure of your object class. — Martin, Aug 11 '17 at 11:45

Jigar Shah · Answer 1 · 2017-08-11T11:24:47.643

3

You are missing closing brace for prepare and semi colon

$exc = $dbh->prepare("INSERT INTO fruit(id, type, name) VALUES (:id, :type, :name)");

if not working then add this line to check error

print_r($exc->errorInfo());

edited Aug 11 '17 at 11:24

answered Aug 11 '17 at 11:15

Jigar Shah

6,143
2
28
41

now, are you getting any error or warning? Also make sure error reporting is on – Jigar Shah Aug 11 '17 at 11:18

score 1 · Accepted Answer · edited Jun 20 '20 at 09:12

Answering Question 1:

PHP PDO - INSERT INTO with bindParam does not work

If you're inserting an ID into an auto increment field and you've already inserted then it will cause a MySQL error (dupliate A_I field value) – Martin

Yeah i know that, I am using the DEFAULT keyword in my real statement. – louis12356

explain; default keyword for what? – Martin

There is a SQL keyword 'DEFAULT' which automaticly counts the ID up. – louis12356

You should not be supplying a value for your Auto Increment (id) column. What it looks like is that you're giving a MySQL Instruction via PDO variable which will Never Work. This is because PDO uses Prepared Statements and so variables are only ever going to be variables and can never be instructions.

The Default keyword in MySQL is an instruction to the MySQL program. This instruction will be ignored, not only because it is disallowed but also because you're passing a STRING value to PDO INSERT which claims it should be an INT :

 $exc->bindParam(':id',   $fruit_object->id,   PDO::PARAM_INT);

If $fruit_object->id == "DEFAULT" this is NOT AN INTEGER; so therefore PDO will not run the query.

Solution

Auto Increment values simply don't need to be inserted, ignore them:

try {
    $dbh = new PDO('mysql:host=localhost;charset=utf8;dbname=database', 'user', 'password');
    $exc = $dbh->prepare("INSERT INTO fruit( type, name) VALUES ( :type, :name);");                               
    // $exc->bindParam(':id',   $fruit_object->id,   PDO::PARAM_INT);
    $exc->bindParam(':type', $fruit_object->type, PDO::PARAM_STR);
    $exc->bindParam(':name', $fruit_object->name, PDO::PARAM_STR);
    $exc->execute();
    $dbh = null;
    $exc = null;
}

Example of what you're trying to run:

 INSERT INTO fruit (id, type, name) VALUES (DEFAULT, 'apple', 'red apple');

But due to the security constraints of PDO (ignoring the String/Int data type issue) what is actually being run is:

INSERT INTO fruit (id, type, name) 
     VALUES ( <int var> "DEFAULT", <str var> "apple", <str var> "red apple");

So you're trying to insert the string variable "Default" into an integer column in MySQL

Answering Question 2:

 Fatal error: Uncaught Error: Cannot access private property fruit_object::$type

This is due to your class setting the value of this type to being Private rather than Public, which means the value can not be shown outside of the class (this is a slight over simplification but time is pressing me!)

What you need to do is either:

Set your values accessability to being public
OR, build setter and getter methods into your class so you can whip out these private values as often as you want (oh matron!!).

So:

class fruit
{
    private $id;
    private $type;
    private $name;

    /***
     * Getter
     ***/ 
    function getType()
    {
        return $this->type;
    }

    /***
     * Setter
     ***/
    function setType($value){
         $this->type = $value;
    }
}

Then in your PDO:

$exc->bindParam(':type', $fruit_object->getType(), PDO::PARAM_STR);

This will output your value to the script.

If you want a much simpler approach you can simply replace private $name; with public $name; and then the named variables value will be accessible from outside the class :

 $exc->bindParam(':name', $fruit_object->name, PDO::PARAM_STR);

Read more about Class value access levels

yeah, i didnt want to do that in the above example, but in my real code. I learned some times ago, that the "DEFAULT" keyword works finde in ORACLE SQL. I will come back to that. — , Aug 11 '17 at 11:36
@louis12356 It may work in some SQL natively but PDO is very secure and will not insert Instructional values into any SQL, anywhere, ever. That's why it's so much safer than `mysql_` . Also it's the wrong data type (string not int) and also MySQL does not use DEFAULT in the same way as Oracle. You're simply trying to drive a motorbike with the knowledge you have of driving a tractor. Totally different. — Martin, Aug 11 '17 at 11:38
@louis12356 I've shown you the solution; instead of `default` just ignore the A_I column and it will sort itself out. (hence the term *auto_* haha `:-p`) — Martin, Aug 11 '17 at 11:41
i should adjust my questions' code... my real code still shows the error displayed above, with all variables of my object. — , Aug 11 '17 at 11:42
interesting. I am dumb. Already worked with getter and setter methods. Thanks a lot! :-D — , Aug 11 '17 at 11:55
@louis12356 glad to help, I just added a link to an SO post which has details about how access modifiers are used. Hope this helps you `:-)` — Martin, Aug 11 '17 at 11:57
I learned C# for 3 years now and PHP for a half - sometimes it is still very confusing xD — , Aug 11 '17 at 11:58
@louis12356 I know both and can sympathise it's very tricky they handle their data management in significantly different ways. PHP is more lax and *inherited* with its data, but it's syntax structure and wording are easier to read and undestand.... — Martin, Aug 11 '17 at 12:00

PHP PDO - INSERT INTO with bindParam does not work

2 Answers2

Answering Question 1:

Solution

Answering Question 2: