开发者

Having an error with executing my query

问答 作者:

Well, I'm creating a registration system for my website but I'm having trouble executing my query. I've tried to troubleshoot the problem, but I've had no success. Kind of confused :(

Here is my code:

public function registerUser($username, $password, $email) {
            global $core;
            if(empty($username) || empty($password) || empty($ema开发者_如何学运维il)) {
                throw new Exception ('A required field was left blank');
            } else {
                //SQL Query Data
                $data['username'] = $username;
                $data['password'] = $core->encrypt($password);
                $data['email'] = $email;
                $data['userKey'] = rand(999999, 100000);
                $data['ip'] = $_SERVER['REMOTE_ADDR'];
                $data['date'] = time();

                //SQL Query
                $sql = "INSERT INTO `u_userdata` ('user-key', 'username', 'password', 'email', 'register-ip', 'register-date') VALUES (:userKey, :username, :password, :email, :ip, :date)";
                $STH = $this->DBH->query($sql);
                $STH->execute($data);
            }
        }

and here is the error I'm getting:

Fatal error: Call to a member function execute() on a non-object in C:\xampp\htdocs\community\inc\user.inc.php on line 33

I'm guessing it's an error with the query, but I'm not sure what!

I think you have got PDO::prepare() mixed up with PDO::query():

It should be either:

$result = $this->DBH->query($sql);

Or:

$STH = $this->DBH->prepare($sql);
$STH->execute($data);

From the docs:

PDO::query() executes an SQL statement in a single function call, returning the result set (if any) returned by the statement as a PDOStatement object.

You would normally use PDO::prepare() if you are going to issue the same statement repeatedly, or if you need to bind parameters. As far as I am aware, it is not possible to bind parameters to your query prior to using PDO::query().

Note that with PDO::prepare() you can either use PDOStatement::bindParam() to bind parameters prior to calling PDOStatement->execute(), or you can pass the parameters as an array to PDOStatement->execute().

You also need to prefix your array keys with a colon. So the final result would be:

$data[':username'] = $username;
$data[':password'] = $core->encrypt($password);
$data[':email'] = $email;
$data[':userKey'] = rand(999999, 100000);
$data[':ip'] = $_SERVER['REMOTE_ADDR'];
data[':date'] = time();

//SQL Query
$sql = "INSERT INTO `u_userdata` ('user-key', 'username', 'password', 'email', 'register-ip', 'register-date') VALUES (:userKey, :username, :password, :email, :ip, :date)";
$STH = $this->DBH->prepare($sql);
$STH->execute($data);

You should use ` quote instead of ' in insert query.

"INSERT INTO u_userdata (user-key, username, password, email, register-ip, register-date) VALUES (:userKey, :username, :password, :email, :ip, :date)

the query() function executes the sql statement. you should use the prepare() function. i'm assuming that you are using pdo, because of the pdo tag

    $data[':username'] = $username;
    $data[':password'] = $core->encrypt($password);
    $data[':email'] = $email;
    $data[':userKey'] = rand(999999, 100000);
    $data[':ip'] = $_SERVER['REMOTE_ADDR'];
    $data[':date'] = time();

    //SQL Query
    $sql = "INSERT INTO `u_userdata` ('user-key', 'username', 'password', 'email', 'register-ip', 'register-date') VALUES (:userKey, :username, :password, :email, :ip, :date)";
    $stmt = $this->DBH->prepare($sql);
    $stmt->execute($data);

继续阅读:executepdophpregistration

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9