PHP connection to database.

[Hendz]

<?php class UserQuery { public function Adduser($id,$username,$email,$password)

{

$conn = new Config();

$sql =("INSERT INTO test.user (id, username, email, password) VALUES ('$id', '$username', '$email',$password)");

$conn->exec($sql); }

}

 

getting an "exec doesnt exist "    error,  saying exec doesnt exist in my db file.

it doesnt need to exist does it ?

anyone any idea why ? 

 

[requinix]

34 minutes ago, Hendz said:

it doesnt need to exist does it ?

Of course it needs to exist: you're trying to use it. Can't very well use something that doesn't exist, can you?

But perhaps it's not a "Config" class you need to use?

[Hendz]

Yeah, i understand it needs to exist but ive read so much and cant figure it out. any hints to guide me in the right direction to solve this problem ? 

[Hendz]

@requinix I created a new pdo Object, and fed in details of db like in config file.

It doesnt throw the error anymore but then again when i run it it doesnt add given data lol.

Sorry, Im php noob. im normally a java dev just learning this is stressful.

 

class UserQuery {

public function Adduser($id,$username,$email,$password){

$dsn = "mysql:dbname=test;host=127.0.0.1:3306";

$user = "root"; $passwd = "2194";

$pdo = new PDO($dsn, $user, $passwd);

$sql =("INSERT INTO test.user (id, username, email, password) VALUES ('$id', '$username', '$email',$password)");

$pdo->exec($sql);

} }

[requinix]

See, the problem here is that there is clearly much more to your code than just the little bits you've posted, and there could certainly be problems elsewhere that would explain whatever issues you've having.

For example, maybe your PDO options are not set up to throw exceptions when things don't work, which would mean you would have no idea whether calling ->exec() worked or not. Look into what you need to do to change that behavior.

[Barand]

The missing quotes around $password aren't helping either, but when you do it correctly, using a prepared statement, then that problem will disappear.

[Phi11W]

16 hours ago, Hendz said:

$user = "root"; $passwd = "2194";

. . . 

$sql = "INSERT INTO users ( name, email, pswd_hash ) VALUES ( ?, ?, ? )";
$pdo->exec( $sql, [ $enteredName, $enteredEmail, yourFavouriteHashingFunction( $enteredPassword ) ] );
$newUserId = $pdo->lastInsertId(); 

 

Thank you for posting your database's root password for the whole world to read. 
Go and change it right now. 

Stop using the root user in your Application code. 
Create dedicated accounts for each of your Applications and grant these accounts appropriate permissions.  
Always keep the biggest and best tools to yourself (so that you can sort out the mess made by other people or programs). 

Stop using Reserved Words as table / column names (e.g. "user" & "password"). 
Doing so will come back to bite you, at some point. 

Don't store the user's actual password. 
Instead, take the entered password, put it through your favourite, one-way, hashing algorithm and store the result of that.  (When the user is logging in, take the entered password, hash it and check that value against what's in the database. 

Read up about Prepared Statements as a way to protect yourself against SQL Injection Attacks. 
Obligatory XKCD Reference: Little Bobby Tables.

Regards, 
   Phill  W.

[Barand]

3 hours ago, Phi11W said:

Don't store the user's actual password. 
Instead, take the entered password, put it through your favourite, one-way, hashing algorithm and store the result of that.  (When the user is logging in, take the entered password, hash it and check that value against what's in the database. 

@Hendz I recommend you use PHP's password_hash() and password_verify() functions.