
The problem is very simple (and everything, PHP and HTML, is in one .php file):

<?php
    // Registration handler placed at the top of the same file as the HTML form.
    // It opens a PDO connection, validates the three POSTed fields, hashes the
    // password and inserts one row into `users`.
    // NOTE(review): the user name and password arguments of the PDO constructor
    // appear to have been elided by the author (see the inline comment below).
    try {
        $bdd = new PDO('mysql:host=localhost;dbname=dlp;charset=utf8', /*the PDO works*/);
    } catch(Exception $e) {
        // NOTE(review): the raw exception message is sent to the browser; driver
        // messages can describe the connection, so logging it server-side and
        // showing a generic message is the safer pattern.
        die('Erreur : '.$e->getMessage());
    }

    // NOTE(review): this test runs on every request, including the first GET that
    // is supposed to display the form. $_POST is empty then, so the else branch at
    // the bottom ends the script with 'formulaire incomplet' before any HTML that
    // follows in the file is output.
    if(isset($_POST["name"], $_POST["pass"], $_POST["mail"]) 
        && !empty($_POST["name"]) && !empty($_POST["pass"]) && !empty($_POST["mail"])) { //that works
        
        if(!filter_var($_POST["mail"], FILTER_VALIDATE_EMAIL)) { //that works
            die("adresse email invalide");
        }
        // strip_tags() removes markup before storage; it does not replace escaping
        // the name (e.g. with htmlspecialchars) wherever it is later printed.
        $name=strip_tags(($_POST["name"]));    //that works
        $pass=password_hash($_POST["pass"], PASSWORD_ARGON2ID);    //that works
        // NOTE(review): $pass and the role are written into the SQL text itself while
        // :name and :mail are bound. Binding every value keeps the statement text
        // constant and independent of the data.
        $stmt="INSERT INTO `users` 
                        (`name`, `pass`, `mail`, `role`) 
                VALUES (:name, '$pass', :mail, '[\"ROLE_USER\"]')";
        $query=$bdd->prepare($stmt);
            $query->bindvalue(':name', $name);
            $query->bindvalue(':mail', $_POST["mail"]);

        // No error mode is set on $bdd in this block, so whether a failing execute()
        // raises or only returns false depends on the PDO default of the PHP version.
        $query->execute();
   }else{
       die('formulaire incomplet');
    }
?>

html part:


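</div>
    <!-- Registration form; it posts back to the same .php file (no action attribute). -->
    <form method="post">

        <section class="formulaireTitreCulture">
            <label for="name">name</label>
            <!-- "name" is not a valid input type; text is what browsers fall back to.
                 The id makes the label's for="name" actually point at this field. -->
            <input type="text" id="name" name="name" required>
        </section>

        <section class="formulaireTitreCulture">
            <label for="motdepasse">Mot de passe</label>
            <!-- type="password" masks the value on screen; without a type the field
                 is a plain text input and the password is shown while typed. -->
            <input type="password" id="motdepasse" name="pass" autocomplete="new-password" required>
        </section>

        <section class="formulaireTitreCulture">
            <label for="mail">Mail</label>
            <!-- Browser-side checks (required, type="email") are a convenience only;
                 the PHP handler must still validate every field. -->
            <input type="email" id="mail" name="mail" required>
        </section>
        <input type="submit" value="Envoyer">
    </form>
</div>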

The result is `die('formulaire incomplet');`, and nothing is written to the database. I don't see why. Any clue is welcome! Thanks in advance.

RiggsFolly
  • 1
    Why are you not passing the Password and Role as bound variables as well as all the other columns data – RiggsFolly Jul 13 '21 at 09:51
  • This `'[\"ROLE_USER\"]'` looks a little unnecessarily complex. Can you explain what you want the column's data to look like, so that we can understand the string you are trying to build there? – RiggsFolly Jul 13 '21 at 09:55
  • i'm quite new in php! '[\"ROLE_USER\"]' is JSON, i'm not sure about it but my goal here is to assign a defined access to the database using the roles. with "normal", it works the table columns are: ``` id name pass mail role ``` – Eric Minel Jul 13 '21 at 10:21
  • _Side note:_ if you're checking `!empty($_POST[...])`, you don't need `isset()` as well. https://stackoverflow.com/questions/4559925/why-check-both-isset-and-empty – M. Eriksson Jul 13 '21 at 10:34
  • Put it in MVC architecture, that works, thanks – Eric Minel Jul 16 '21 at 09:16

1 Answer


First, use the bound parameters method for all your data.

Second, set PDO to throw exceptions; then, if the query does not compile or fails for some other reason, you will be told.

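<?php
    // Registration handler, meant to sit at the top of the same .php file as the form.
    //
    // It only runs for a submitted form. On the initial GET that displays the page,
    // $_POST is empty; treating that as an error would stop the script before the
    // HTML form below is ever sent.
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
        // Read each field defensively: a request may omit a field or send an array
        // (name[]=x), while strip_tags() and password_hash() expect strings.
        $name = is_string($_POST['name'] ?? null) ? strip_tags($_POST['name']) : '';
        $pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
        $mail = is_string($_POST['mail'] ?? null) ? $_POST['mail'] : '';

        // Compare with '' rather than using empty(): empty('0') is true, which would
        // reject a legitimate value of "0".
        if ($name === '' || $pass === '' || $mail === '') {
            http_response_code(400);
            exit('formulaire incomplet');
        }

        if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
            http_response_code(400);
            exit('adresse email invalide');
        }

        try {
            // Credentials are omitted here, as in the original listing; pass the user
            // name and password as the 2nd and 3rd constructor arguments.
            $bdd = new PDO('mysql:host=localhost;dbname=dlp;charset=utf8');
            // Throw on any SQL error instead of failing silently.
            $bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            // Use real server-side prepared statements.
            $bdd->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
            // PDO::MYSQL_ATTR_INIT_COMMAND is a connection-time option (it belongs in
            // the constructor's options array), and charset= in the DSN already
            // selects the connection character set, so it is not set here.

            // Every value is a bound parameter; no data is concatenated into the SQL.
            $query = $bdd->prepare(
                'INSERT INTO `users` (`name`, `pass`, `mail`, `role`)
                 VALUES (:name, :pass, :mail, :role)'
            );

            // strip_tags() is kept from the original; it is not a substitute for
            // escaping the name with htmlspecialchars() wherever it is displayed.
            $query->bindValue(':name', $name);
            $query->bindValue(':mail', $mail);
            // Store only the hash; check logins with password_verify().
            $query->bindValue(':pass', password_hash($pass, PASSWORD_ARGON2ID));
            // The role is fixed on the server and never taken from the request.
            // (The original bound ':name' a second time here, leaving :role unbound.)
            $query->bindValue(':role', json_encode(['ROLE_USER']));

            $query->execute();
        } catch (PDOException $e) {
            // Keep driver details in the server log; the visitor gets a generic message.
            error_log('Inscription : ' . $e->getMessage());
            http_response_code(500);
            exit('Erreur : inscription impossible');
        }
    }
?>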
RiggsFolly