0

I've tried everything and just cant seem to get this working.. it's probably a silly mistake I can't see but any help is appreciated.

As stated in the question I'm trying to insert records into a table via a form. I have a functions.php which includes my database.php with the pdo connection (all working fine) class with the following function in it: 

function insertStaffUser($username, $password, $role) {

    include('database.php');
    try {
        $query = "INSERT INTO users (userid, username, password, role) VALUES (default, :username, :password, :role)";
        $stmt->$db->prepare($query);
        $stmt->bindParam(':username', $username);
        $stmt->bindParam(':password', $password);
        $stmt->bindParam(':role', $role);

        $result = $stmt->execute();
        if($result) {
            echo "INSERTED SUCCESSFULLY";
        } else {
            echo "error inserting";
        }
    } catch(PDOException $e) {
        echo "Error: " . $e->getMessage();
    }
}

And the following code is the one in my html class which is addUser.php with 3 text fields (new username, password and role).

<?php
if(isset($_POST['submit'])) {
    $new_username = $_POST['username'];
    $new_pass = $_POST['password'];
    $new_role = $_POST['role'];
    insertStaffUser($new_username, $new_pass, $new_role);
}
?>

Can anyone see what's wrong with this or what I'm doing wrong, thanks for the help!

Yaman Jain
  • 1,098
  • 10
  • 15
Hydra
  • 61
  • 1
  • 9
  • 4
    **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure you ***[don't escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard Feb 24 '17 at 21:44
  • 1
    Nothing wrong right off of the bat save for you can remove `default` from the INSERT statement. Have you checked your error logs? – Jay Blanchard Feb 24 '17 at 21:45
  • Not sure what your database.php looks like, but you may try to turn on exceptions for PDO: `$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);` – Jeremy Harris Feb 24 '17 at 21:46
  • The number of expressions in the VALUES list must match the number of expressions in the column list. Remove "**`default ,`**" from the SQL text. – spencer7593 Feb 24 '17 at 21:47
  • Exceptions are on, sorry guys I edited it.. there was a userid field too – Hydra Feb 24 '17 at 21:52
  • 1
    yeah, that `default` is being treated as a constant. If you're wanting to use that, either set your column with a default value and replace it with `''` or use quotes `VALUES ('default',` - but if that id column is AI, then `default` won't work. Either take it out, or use `''` in values instead. – Funk Forty Niner Feb 24 '17 at 21:53
  • If `userid` is an auto-increment field you do not need to include it in your query. – Jay Blanchard Feb 24 '17 at 21:54
  • I removed the 'default' it is an auto-increment in the database so now the query reads $query = "INSERT INTO users (userid, username, password, role) VALUES (:username, :password, :role)"; – Hydra Feb 24 '17 at 21:56
  • 1
    ...`INSERT INTO users (username, password, role)` - remove `userid` – Funk Forty Niner Feb 24 '17 at 21:56
  • You have to have the same number of items each side of `VALUES` – Jay Blanchard Feb 24 '17 at 21:57
  • I think we should be seeing "Eureka!" pretty soon ;-) – Funk Forty Niner Feb 24 '17 at 21:58
  • haha Eureka I hope soon, so I removed the userid yet the query doesn't insert. – Hydra Feb 24 '17 at 22:00
  • What is going on in your error logs? – Jay Blanchard Feb 24 '17 at 22:00
  • 1
    ok well at this point, I think this is a variable scope issue. If it works without the custom `insertStaffUser()` function, then that's what's wrong. – Funk Forty Niner Feb 24 '17 at 22:01
  • Does the function call have access to the function? – Jay Blanchard Feb 24 '17 at 22:02
  • and make sure that all your POST arrays have value. We don't know what the HTML form looks like. Error reporting will be of help here also. – Funk Forty Niner Feb 24 '17 at 22:03
  • ok, well you can ping one of us with the @ symbol just like I did for you here @Hydra I have to go now, good luck with this :-) – Funk Forty Niner Feb 24 '17 at 22:11
  • Where is your `include 'functions.php';` in your `addUser.php`? Stop looking in the dark and [turn on PHP errors](http://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display). – Mikey Feb 24 '17 at 22:30
  • 2
    thanks a bunch for all the help guys!! - I managed to fix it - as I said it was a SILLY mistake (my
    needed a little method="post" and action lmfao.. long day is all I can say :)
     – Hydra Feb 24 '17 at 22:34

0 Answers0