PDO Insert not working

I am putting a simple page together for friends to add their name to my super bowl party. The insert is not working.

The insert line echoes this…
INSERT INTO peeps(pname, pcnt, dish) VALUES('Raquel', 1, 'Brownies')

There are 4 variables passed: rec (to determine if it needs to add a rec), pname, pcnt and dish.

Here is the code (yes I know it is open to sql injection but it is only up for a week and my friends do not understand computers!)…
[php]if ($_GET['rec']=="add"){
    $peep_insert="INSERT INTO peeps(pname, pcnt, dish) VALUES('" . $_GET['pname'] . "', " . $_GET['people'] . ", '" . $_GET['dish'] . "')";
    $my_insert=$pdo->prepare($peep_insert);
    echo $peep_insert . "\n";
    $my_insert->execute();
}[/php]

What am I doing wrong?

You are completely removing the purpose of using PDO if you don't use prepared statements. Once you get used to doing it, it comes naturally.

Could you post the form code and the database structure? And are there any errors that you are seeing?

If you are at least running PHP 5.3 (and you should be) then really all you need is SQLite3 for this. I wrote a simple script showing how it can be done (It works. 8)).
[php]<?php
/* START OF CREATING DATABASE AND TABLE */
class MyDB extends SQLite3
{
    function __construct()
    {
        $this->open('guest_book.db');
    }
}
$db = new MyDB();
if(!$db){
    echo $db->lastErrorMsg();
} else {
    echo "Opened database successfully\n";
}

/* This creates the database table */
$sql =<<<EOF
CREATE TABLE IF NOT EXISTS guest_book
(id INTEGER PRIMARY KEY AUTOINCREMENT,
pname VARCHAR(60) NOT NULL,
pcount VARCHAR(60) NOT NULL,
dish VARCHAR(60) NOT NULL);
EOF;

$ret = $db->exec($sql);
if(!$ret){
    echo $db->lastErrorMsg();
} else {
    echo "Table created successfully\n";
}
$db->close();

/* END OF CREATING DATABASE AND TABLE */

/* CAN COMMENT THE ABOVE OUT ONCE IT WAS RUN ONCE IF SO DESIRED */

try {
    /*** Connect to SQLite database ***/
    $pdo = new PDO("sqlite:guest_book.db");
}
catch(PDOException $e)
{
    echo $e->getMessage();
}

if ( isset($_POST['submit']) && $_POST['submit'] === "Submit" ) {
    /* Create a query using prepared statements */
    $query = 'INSERT INTO guest_book( pname, pcount, dish ) VALUES ( :pname, :pcount, :dish )';
    /* Prepare the statement */
    $stmt = $pdo->prepare($query);
    /* Execute the statement with the prepared values */
    $result = $stmt->execute(array( ':pname' => $_POST['pname'], ':pcount' => $_POST['pcount'], ':dish' => $_POST['dish'] ));
    /* Check to see it was successfully entered into the database table. */
    if ($result) {
        echo 'Data was successfully entered!';
    } else {
        echo 'Error, Something went wrong';
    }
}

/* Display Guest Book */
/* Setup the query */
$query = 'SELECT id, pname, pcount, dish FROM guest_book ORDER BY id';
/* Prepare the query */
$stmt = $pdo->prepare($query);
/* Execute the query */
$stmt->execute();

?>
<!doctype html>
<html>
<head>
<title>Superbowl Party Reservations</title>
</head>
<body>
<?php
/* Cycle through the database table displaying all that are coming using a while-loop */
while ($record = $stmt->fetch(PDO::FETCH_OBJ)) {
    /* Stored values are user input, so escape them before echoing into HTML */
    echo '<p>Record Number : ' . $record->id
        . ' Name -> ' . htmlspecialchars($record->pname, ENT_QUOTES, 'UTF-8')
        . ' Count -> ' . htmlspecialchars($record->pcount, ENT_QUOTES, 'UTF-8')
        . ' Dish -> ' . htmlspecialchars($record->dish, ENT_QUOTES, 'UTF-8')
        . '</p>' . "\n";
}
?>
<!-- Field names match the $_POST keys read above -->
<form action="" method="post">
Name: <input type="text" name="pname"><br>
Number of People: <input type="text" name="pcount"><br>
Dish: <input type="text" name="dish"><br>
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>
[/php]
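An added example, not code from any post in this thread: the question's `peeps` insert rewritten with bound parameters, with PDO set to throw on failure so a bad statement is reported instead of passing silently. The in-memory SQLite database, the `addPeep()` helper and the sample request arrays are assumptions made for the demonstration.

```php
<?php
// In-memory SQLite stands in for the real database (assumption).
$pdo = new PDO('sqlite::memory:');
// Throw on errors; before PHP 8.0 the default was silent failure.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE peeps (pname TEXT NOT NULL, pcnt INTEGER NOT NULL, dish TEXT NOT NULL)');

// Constructed request data, shaped like the question's query string.
$samples = [
    ['rec' => 'add', 'pname' => 'Raquel',  'pcnt' => '1',   'dish' => 'Brownies'],
    ['rec' => 'add', 'pname' => "O'Brien", 'pcnt' => '2',   'dish' => 'Chips'],
    ['rec' => 'add', 'pname' => 'Sam',     'pcnt' => 'two', 'dish' => 'Wings'],
    ['rec' => 'add', 'pname' => 'Lee',                      'dish' => 'Salsa'],
];

// Hypothetical helper: validates one request and inserts it.
function addPeep(PDO $pdo, array $in): string
{
    if (($in['rec'] ?? '') !== 'add') {
        return 'skipped: rec is not "add"';
    }
    $pname = trim($in['pname'] ?? '');
    $dish  = trim($in['dish'] ?? '');
    // pcnt must be a whole number >= 1; a missing key is rejected here too.
    $pcnt = filter_var($in['pcnt'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($pname === '' || $dish === '' || $pcnt === false) {
        return 'rejected: invalid input';
    }
    try {
        // The SQL text is fixed; values travel separately as parameters,
        // so an apostrophe in a name is stored as data, not parsed as SQL.
        $stmt = $pdo->prepare('INSERT INTO peeps (pname, pcnt, dish) VALUES (:pname, :pcnt, :dish)');
        $stmt->bindValue(':pname', $pname, PDO::PARAM_STR);
        $stmt->bindValue(':pcnt', $pcnt, PDO::PARAM_INT);
        $stmt->bindValue(':dish', $dish, PDO::PARAM_STR);
        $stmt->execute();
        return 'inserted';
    } catch (PDOException $e) {
        error_log($e->getMessage()); // details go to the log, not the page
        return 'database error';
    }
}

foreach ($samples as $in) {
    echo $in['pname'], ': ', addPeep($pdo, $in), "\n";
}
echo $pdo->query('SELECT COUNT(*) FROM peeps')->fetchColumn(), " rows stored\n";
```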