PDO with INSERT INTO through prepared statements
You should be using it like so
<?php
$dbhost = 'localhost';
$dbname = 'pdo';
$dbusername = 'root';
$dbpassword = '845625';
$link = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbusername, $dbpassword);
$statement = $link->prepare('INSERT INTO testtable (name, lastname, age)
VALUES (:fname, :sname, :age)');
$statement->execute([
'fname' => 'Bob',
'sname' => 'Desaunois',
'age' => '18',
]);
Prepared statements are used to sanitize your input, and to do that you can use :foo
without any single quotes within the SQL to bind variables, and then in the execute()
function you pass in an associative array of the variables you defined in the SQL statement.
You may also use ?
instead of :foo
and then pass in an array of just the values to input like so;
$statement = $link->prepare('INSERT INTO testtable (name, lastname, age)
VALUES (?, ?, ?)');
$statement->execute(['Bob', 'Desaunois', '18']);
Both ways have their advantages and disadvantages. I personally prefer to bind the parameter names as it's easier for me to read.
How to insert form data into PDO using prepared statements?
I think you need learn PHP Form Handling first
example make form.html is
<html>
<body>
<form action="insert.php" method="post">
Name: <input type="text" name="firstname"><br>
Name: <input type="text" name="lastname"><br>
E-mail: <input type="text" name="email"><br>
<input type="submit">
</form>
</body>
</html>
then to data handling to database make insert.php
<?php
$servername = "localhost";
$username = "root";
$password = "yaskur";
$dbname = "test";
try {
$conn = new PDO("mysql:host=$servername;dbname=$dbname", $username,
$password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname,
email)
VALUES (:firstname, :lastname, :email)");
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->bindParam(':email', $email);
// insert a row
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$email = $_POST["email"];
$stmt->execute();
echo "New records created successfully";
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
$conn = null;
?>
PDO MySQL prepared INSERT syntax error
INSERT INTO $date
It seems that there is a 2017-08-11 in $date var.
If you want to insert data into '2017-08-11' table, it should be escaped with ` symbol
try{
$statement = $db->prepare("INSERT INTO `$date` (name, surname, email, phone, comment) VALUES (:name, :surname, :email, :phone, :comment)");
$statement->bindParam(':name', $name);
$statement->bindParam(':surname', $surname);
$statement->bindParam(':email', $email);
$statement->bindParam(':phone', $phone);
$statement->bindParam(':comment', $comment);
$statement->execute();
}
catch(PDOException $e){
die("Connection to database failed: " . $e->getMessage());
}
PDO Statement inserts integers for string values in prepared statements
The reason is that bindParam
binds the parameters by reference. You're binding all your parameters to the same variable $value
. So when you execute the prepared statement, it will use the last value of this variable for all the parameters. That's why it's inserting 2
in every column.
Use bindValue
instead of bindParam
and I think it should solve your problem. Or get rid of your loop that calls bindParam
entirely, and just pass $bindValues
to execute()
.
PDO INSERT prepared statement, no errors but data are not inserted
Check your binds:
:$disease_1
: I think, it is:disease_1
- there is no placeholder named
addmod_ts
orrecruit_ts
I cannot get any error message
Are your if
executed at least?
other than some Warning on "undefined indexes"
Which are?
To use try/catch, do you have $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
in first place?
PDO Prepared Inserts multiple rows in single query
Multiple Values Insert with PDO Prepared Statements
Inserting multiple values in one execute statement. Why because according to this page it is faster than regular inserts.
$datafields = array('fielda', 'fieldb', ... );
$data[] = array('fielda' => 'value', 'fieldb' => 'value' ....);
$data[] = array('fielda' => 'value', 'fieldb' => 'value' ....);
more data values or you probably have a loop that populates data.
With prepared inserts you need to know the fields you're inserting to, and the number of fields to create the ? placeholders to bind your parameters.
insert into table (fielda, fieldb, ... ) values (?,?...), (?,?...)....
That is basically how we want the insert statement to look like.
Now, the code:
function placeholders($text, $count=0, $separator=","){
$result = array();
if($count > 0){
for($x=0; $x<$count; $x++){
$result[] = $text;
}
}
return implode($separator, $result);
}
$pdo->beginTransaction(); // also helps speed up your inserts.
$insert_values = array();
foreach($data as $d){
$question_marks[] = '(' . placeholders('?', sizeof($d)) . ')';
$insert_values = array_merge($insert_values, array_values($d));
}
$sql = "INSERT INTO table (" . implode(",", $datafields ) . ") VALUES " .
implode(',', $question_marks);
$stmt = $pdo->prepare ($sql);
$stmt->execute($insert_values);
$pdo->commit();
Although in my test, there was only a 1 sec difference when using multiple inserts and regular prepared inserts with single value.
Related Topics
PHP Sort Array by Two Field Values
How to Add a PHP Page to Wordpress
Create Programmatically a Woocommerce Product Variation With New Attribute Values
PHP Replacing Multiple Spaces With a Single Space
How to Properly Indent PHP/Html Mixed Code
The MySQLi Extension Is Missing. Please Check Your PHP Configuration
Making Sure PHP Substr Finishes on a Word Not a Character
Dompdf and Set Different Font-family
What Is the Meaning of Three Dots (...) in PHP
Why Are My PHP Files Showing as Plain Text
Fastest Way to Serve a File Using PHP
Best Practice on PHP Singleton Classes
How to Parse Json and Access Results
Including a Remote File in PHP