I am creating a user registration system using PDO, and am attempting to insert the user's form data into a database table. Very simple, however the wrong value is entered into the database. The values entered into the database are :username, :password, :email_address, :city, etc., rather than the values passed to the function from my form. Any idea as to what I am doing wrong? I tried using bindParam and bindValue but had similar results, and based on other posts I concluded that using an array is the best way to do it. Help!

    function add_user($username, $password, $email, $fName, $lName, $address, $city, $state, $zip, $phone ) {
        global $db;
        $sql = "INSERT INTO alumni_user_info 
                (username, password, email_address, first, last, address, city, state, zip_code, phone)
                VALUES
                (':username', ':password', ':email_address', ':first', ':last', ':address', ':city', ':state', ':zip_code', ':phone')";

        $sth = $db->prepare($sql);

        $result = $sth->execute(array(':username' => $username, ':password' => $password, ':email_address' => $email, ':first' => $fName, ':last' => $lName, ':address' => $address, ':city' => $city, ':state' => $state, ':zip_code' => $zip, ':phone' => $phone));

        if ($sth->execute()) {
            $success = "Registration successful";
            return $success;
        } else {
            var_dump($result->errorInfo());
            $success = "Registration failed";
            return $success;
        }
    }

  • And how does the original value differ from the "wrong value" which ends up in the database? Commented Nov 2, 2013 at 22:57
  • Missing a step: php.net/manual/en/pdostatement.bindparam.php Commented Nov 2, 2013 at 23:07
  • @TiesonT. He binds parameters in execute function. Commented Nov 2, 2013 at 23:08

1 Answer

Do not use quotes for parameters. It will be escaped because you're binding parameters already.

    $sql = "INSERT INTO alumni_user_info 
        (username, password, email_address, first, last, address, city, state, zip_code, phone)
        VALUES
        (:username, :password, :email_address, :first, :last, :address, :city, :state, :zip_code, :phone)";

If you do something like this, ':username', PDO will treat it as a string.
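The difference between the quoted and unquoted forms, as an added example that is not part of the original question or answer: it runs both statements against an in-memory SQLite table and includes a small check for quoted placeholders. Assumptions: the pdo_sqlite extension is available, a two-column table stands in for alumni_user_info, the input values are constructed, and find_quoted_placeholders() is a hypothetical helper.

```php
<?php
// Added example, not the asker's code. Assumes the pdo_sqlite extension;
// an in-memory SQLite table with two columns stands in for alumni_user_info.
$db = new PDO('sqlite::memory:');
// Make failures throw instead of returning false, so one execute() is enough.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE alumni_user_info (username TEXT, city TEXT)');

// Hypothetical helper: report named placeholders that sit inside single quotes.
function find_quoted_placeholders(string $sql): array {
    preg_match_all("/'(:[A-Za-z_][A-Za-z0-9_]*)'/", $sql, $m);
    return $m[1];
}

$quotedSql = "INSERT INTO alumni_user_info (username, city) VALUES (':username', ':city')";
$boundSql  = "INSERT INTO alumni_user_info (username, city) VALUES (:username, :city)";

// Constructed sample input, including quote characters and SQL-looking text.
$input = [
    ':username' => "o'brien",
    ':city'     => "x'); DROP TABLE alumni_user_info; --",
];

// 1. Quoted: the statement holds two string literals and no placeholders,
//    so it runs as written and stores the text ':username' and ':city'.
$db->prepare($quotedSql)->execute();

// 2. Unquoted: a single execute() call sends the values separately from the
//    SQL text, so quotes in the input are stored as data, not parsed as SQL.
$db->prepare($boundSql)->execute($input);

// Show what each statement actually stored.
foreach ($db->query('SELECT username, city FROM alumni_user_info') as $row) {
    printf("%s | %s\n", $row['username'], $row['city']);
}

// The check flags the first statement and passes the second.
print_r(find_quoted_placeholders($quotedSql));
print_r(find_quoted_placeholders($boundSql));
```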
