j_timko

Reputation: 121

Issue with Form and PDO

I plan to clean up the code, and make it more OOP friendly later, but for now I am struggling to get this to work. I have managed to get down for it to echo 'hi', but the execute doesn't seem to be putting anything into the database, and it is not giving me any errors. The code is

public function newAccount(array $data) {
    $error = NULL;
    //Check first name length, and make sure its over 2 characters
    if (strlen($data['fname']) > 2) {
        $fname = $data['fname'];
    }
    else  {
        $fname = FALSE;
        $error .= "Please put in a valid First Name. <br />";
    }

    //Check if last name length is over 2 characters
    if (strlen($data['lname']) > 2) {
        $lname = $data['lname'];
    }
    else {
        $lname = FALSE;
        $error .= "Please enter a valid Last Name. <br />";
    }

    // Check username
    if (strlen($data['user']) > 3) {
          $user = $data['user'];
    }
    else {
        $user = FALSE;
        $error .= "Username must be longer than 3 characters.<br />";
    }

    // Make sure password is at least 6 characters, and retyped correctly
    if (strlen($data['pass']) > 5) {
        if ($data['pass'] == $data['repass']) {
            $pass = $data['pass'];
        }
        else {
            $pass = FALSE;
            $error .= "Passwords do not match.<br />";
        }
    }
    else {
        $pass = FALSE;
        $error .= "Password must be longer than 6 characters.";
    }

    //make sure email looks correct, strpos makes sure there is an '@'
    if (strlen($data['email']) > 5 && strpos($data['email'], '@')) {
        $email = $data['email'];
    }
    else {
        $email = FALSE;
        $error .= "Please enter a valid email. <br />";
    }
    // Check if user is supposed to be admin
    if (isset($data['admin'])) {
        $admin = '1';
    }
    else {
        $admin = '0';
    }

    if ($fname && $lname && $user && $pass && $email) {
        echo 'hi';
        try {
        $sth = $this->dbc->prepare("INSERT INTO users(user, password first_name, last_name, email, admin) VALUES(:user, MD5(:pass), :fname, :lname, :email, :admin)");

        $sth->execute(array(":user" => $user,
                            ":pass" => $pass,
                            ":fname" => $fname,
                            ":lname" => $lname,
                            ":email" => $email,
                            ":admin" => $admin)
                     );
        }
        catch (PDOException $e) {
            echo $e->getMessage();
        }

    }
    else {
        echo "Error" . $error;
    }

}

Thanks in advance!

Upvotes: 0

Views: 61

Answers (1)

hjpotter92

Reputation: 80639

In your insert query, you are missing a comma after the password field.

It should be

$sth = $this->dbc->prepare("INSERT INTO
    users(user, password, first_name, last_name, email, admin)
    VALUES(:user, MD5(:pass), :fname, :lname, :email, :admin)");

Also, when testing whether the entered string is an email address or not, use filter_var(). Like this:

if (filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
    //do this...
}

Upvotes: 1
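
An added example, not code from the question or the answer: the corrected insert with PDO set to throw, which is why the original failed without any error (before PHP 8.0 PDO defaulted to silent error mode, so the catch block never ran). Assumptions: an in-memory SQLite table stands in for `users`, `newAccount` is written as a free function taking the PDO handle, and `password_hash()` is swapped in for the `MD5()` call.

```php
<?php
// Added example; constructed in-memory SQLite table standing in for `users`.
$dbc = new PDO('sqlite::memory:');
// Before PHP 8.0 PDO defaulted to PDO::ERRMODE_SILENT, so a malformed query
// failed without throwing. Exception mode makes the try/catch meaningful.
$dbc->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbc->exec('CREATE TABLE users (user TEXT UNIQUE, password TEXT, first_name TEXT,
            last_name TEXT, email TEXT, admin INTEGER)');

function newAccount(PDO $dbc, array $data): array
{
    $errors = [];
    if (strlen($data['user'] ?? '') <= 3) {
        $errors[] = 'Username must be longer than 3 characters.';
    }
    if (strlen($data['pass'] ?? '') <= 5 || $data['pass'] !== ($data['repass'] ?? null)) {
        $errors[] = 'Password too short or not retyped correctly.';
    }
    // filter_var() returns the address on success and false on failure.
    if (filter_var($data['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter a valid email.';
    }
    if ($errors) {
        return $errors;
    }
    try {
        $sth = $dbc->prepare('INSERT INTO users(user, password, first_name, last_name, email, admin)
                              VALUES(:user, :pass, :fname, :lname, :email, :admin)');
        $sth->execute([
            ':user'  => $data['user'],
            // Assumption: password_hash() replaces MD5() from the question.
            ':pass'  => password_hash($data['pass'], PASSWORD_DEFAULT),
            ':fname' => $data['fname'],
            ':lname' => $data['lname'],
            ':email' => $data['email'],
            ':admin' => isset($data['admin']) ? 1 : 0,
        ]);
    } catch (PDOException $e) {
        error_log($e->getMessage()); // log the SQL error instead of echoing it
        return ['Could not create the account.'];
    }
    return [];
}

// Constructed sample input: one valid account, one with a bad email.
$sample = ['user' => 'jdoe', 'pass' => 'correct horse', 'repass' => 'correct horse',
           'fname' => 'Jane', 'lname' => 'Doe', 'email' => 'jane@example.com'];
var_dump(newAccount($dbc, $sample));
var_dump(newAccount($dbc, ['email' => 'nope'] + $sample));
```

A hash stored this way is checked at login with `password_verify()`, not by hashing again inside the SQL.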
