write in database (php/mySQL)

The problem is very simple
(and everything, php and html is on one file(.php))

<?php
    try {
        $bdd = new PDO('mysql:host=localhost;dbname=dlp;charset=utf8', /*the PDO works*/);
    } catch(Exception $e) {
        die('Erreur : '.$e->getMessage());
    }

    if(isset($_POST["name"], $_POST["pass"], $_POST["mail"]) 
        && !empty($_POST["name"]) && !empty($_POST["pass"]) && !empty($_POST["mail"])) { //that works
        
        if(!filter_var($_POST["mail"], FILTER_VALIDATE_EMAIL)) { //that works
            die("adresse email invalide");
        }
        $name=strip_tags(($_POST["name"]));    //that works
        $pass=password_hash($_POST["pass"], PASSWORD_ARGON2ID);    //that works
        $stmt="INSERT INTO `users` 
                        (`name`, `pass`, `mail`, `role`) 
                VALUES (:name, '$pass', :mail, '["ROLE_USER"]')";
        $query=$bdd->prepare($stmt);
            $query->bindvalue(':name', $name);
            $query->bindvalue(':mail', $_POST["mail"]);

        $query->execute();
   }else{
       die('formulaire incomplet');
    }
?>

html part:

</div>
    <form method="post">

        <section class="formulaireTitreCulture">
            <label for="name">name</label>
            <input type="name" name="name"></input>
        </section>

        <section class="formulaireTitreCulture">
            <label for="motdepasse">Mot de passe</label>
            <input id="motdepasse" name="pass"></input>
        </section>

        <section class="formulaireTitreCulture">
            <label for="">Mail</label>
            <input name="mail" id="mail">
        </section>
        <input type="submit" value="Envoyer">
    </form>
</div>

the result is die(‘formulaire incomplet’);,and nothing is written in the database, i don’t see why.
Any clue is welcome! thanks by advance

Answers:

Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

First, use the bound parameters method for all your data.

Second set PDO to generate exceptions, then if the query does not compile or fails with some other reason you will get told.

<?php
    try {
        $bdd = new PDO('mysql:host=localhost;dbname=dlp;charset=utf8');
        $bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $bdd->setAttribute(PDO::ATTR_EMULATE_PREPARES, FALSE);
        $bdd->setAttribute(PDO::MYSQL_ATTR_INIT_COMMAND,'SET NAMES UTF8');
    } catch(Exception $e) {
        echo 'Erreur : '.$e->getMessage());
    }

    if(isset($_POST["name"], $_POST["pass"], $_POST["mail"]) 
        && !empty($_POST["name"]) && !empty($_POST["pass"]) && !empty($_POST["mail"])) { //that works
        
        if(!filter_var($_POST["mail"], FILTER_VALIDATE_EMAIL)) { 
            throw new Exception("adresse email invalide");
        }

        $stmt="INSERT INTO `users` 
                        (`name`, `pass`, `mail`, `role`) 
                VALUES (:name, :pass, :mail, :role)";

        $query=$bdd->prepare($stmt);
        
        $pass = password_hash($_POST["pass"], PASSWORD_ARGON2ID);

        $query->bindvalue( ':name', strip_tags($_POST["name"]) );
        $query->bindvalue( ':mail', $_POST["mail"]);
        $query->bindvalue( ':pass', $pass);
        $query->bindvalue( ':name', json_encode(["ROLE_USER"]) );

        $query->execute();
    }else{
        throw new exception('formulaire incomplet');
    }  
}
?>


All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x