Skip to content
Advertisement

write in database (php/mySQL)

The problem is very simple (and everything, php and html is on one file(.php))

<?php
    try {
        $bdd = new PDO('mysql:host=localhost;dbname=dlp;charset=utf8', /*the PDO works*/);
    } catch(Exception $e) {
        die('Erreur : '.$e->getMessage());
    }

    if(isset($_POST["name"], $_POST["pass"], $_POST["mail"]) 
        && !empty($_POST["name"]) && !empty($_POST["pass"]) && !empty($_POST["mail"])) { //that works
        
        if(!filter_var($_POST["mail"], FILTER_VALIDATE_EMAIL)) { //that works
            die("adresse email invalide");
        }
        $name=strip_tags(($_POST["name"]));    //that works
        $pass=password_hash($_POST["pass"], PASSWORD_ARGON2ID);    //that works
        $stmt="INSERT INTO `users` 
                        (`name`, `pass`, `mail`, `role`) 
                VALUES (:name, '$pass', :mail, '["ROLE_USER"]')";
        $query=$bdd->prepare($stmt);
            $query->bindvalue(':name', $name);
            $query->bindvalue(':mail', $_POST["mail"]);

        $query->execute();
   }else{
       die('formulaire incomplet');
    }
?>

html part:

</div>
    <form method="post">

        <section class="formulaireTitreCulture">
            <label for="name">name</label>
            <input type="name" name="name"></input>
        </section>

        <section class="formulaireTitreCulture">
            <label for="motdepasse">Mot de passe</label>
            <input id="motdepasse" name="pass"></input>
        </section>

        <section class="formulaireTitreCulture">
            <label for="">Mail</label>
            <input name="mail" id="mail">
        </section>
        <input type="submit" value="Envoyer">
    </form>
</div>

the result is die(‘formulaire incomplet’);,and nothing is written in the database, i don’t see why. Any clue is welcome! thanks by advance

Advertisement

Answer

First, use the bound parameters method for all your data.

Second set PDO to generate exceptions, then if the query does not compile or fails with some other reason you will get told.

<?php
    try {
        $bdd = new PDO('mysql:host=localhost;dbname=dlp;charset=utf8');
        $bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $bdd->setAttribute(PDO::ATTR_EMULATE_PREPARES, FALSE);
        $bdd->setAttribute(PDO::MYSQL_ATTR_INIT_COMMAND,'SET NAMES UTF8');
    } catch(Exception $e) {
        echo 'Erreur : '.$e->getMessage());
    }

    if(isset($_POST["name"], $_POST["pass"], $_POST["mail"]) 
        && !empty($_POST["name"]) && !empty($_POST["pass"]) && !empty($_POST["mail"])) { //that works
        
        if(!filter_var($_POST["mail"], FILTER_VALIDATE_EMAIL)) { 
            throw new Exception("adresse email invalide");
        }

        $stmt="INSERT INTO `users` 
                        (`name`, `pass`, `mail`, `role`) 
                VALUES (:name, :pass, :mail, :role)";

        $query=$bdd->prepare($stmt);
        
        $pass = password_hash($_POST["pass"], PASSWORD_ARGON2ID);

        $query->bindvalue( ':name', strip_tags($_POST["name"]) );
        $query->bindvalue( ':mail', $_POST["mail"]);
        $query->bindvalue( ':pass', $pass);
        $query->bindvalue( ':name', json_encode(["ROLE_USER"]) );

        $query->execute();
    }else{
        throw new exception('formulaire incomplet');
    }  
}
?>
User contributions licensed under: CC BY-SA
6 People found this is helpful
Advertisement