
  1. POPDO Inserting and Execution
<p>To preface things, I have very limited mysql knowledge and I decided to try and use PDO because I heard it is safer to use. That being said, if you see any injection liabilities as you attempt to help me out, let me know please! Anyways, I am having issues on how to handle the output of PDO queries, and just execution in general...</p>
<p>The first thing I try to do is get the form data, and search the database to see if there are any other people with the same username or the same email:</p>
<pre><code>if(isset($_POST['name']) &amp;&amp; !empty($_POST['name'])
    AND isset($_POST['password']) &amp;&amp; !empty($_POST['password'])
    AND $_POST['password'] == $_POST['password2']
    AND isset($_POST['email']) &amp;&amp; !empty($_POST['email'])
    AND isset($_POST['year']) &amp;&amp; !empty($_POST['year'])
    AND isset($_POST['termsandconditions']) &amp;&amp; !empty($_POST['termsandconditions'])){

    $name = $_POST['name'];
    $password = $_POST['password'];
    $email = $_POST['email'];
    foreach ($_POST['year'] as $year);
    $termsandconditions = $_POST['termsandconditions'];

    $idqry = $sql-&gt;prepare("SELECT id FROM users WHERE username = :idcheck");
    $idqry-&gt;bindParam(':idcheck', $name, PDO::PARAM_STR,20);
    $idqry-&gt;execute();

    $emailqry = $sql-&gt;prepare("SELECT id FROM users WHERE email = :idcheck");
    $emailqry-&gt;bindParam(':emailcheck', $email, PDO::PARAM_STR, 40);
    $emailqry-&gt;execute();
</code></pre>
<p>Later on, I try to take the PDO queries checking for a duplicate username/email and create different conditions:</p>
<pre><code>    if(!eregi("^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.(edu)$", $email)){
        // Return Error - Invalid Email
        $msg = 'The email you have entered is invalid, please try again.&lt;br /&gt;*NOTE: You must use a .edu email to be able to register!';
    }elseif($idqry != FALSE){
        $msg = "That username has already been used, please try another one.";
    }elseif($emailqry != FALSE){
        $msg = 'That email has already been used, &lt;a class=statusmsg href="../recovery/"&gt;need to recover your password?&lt;/a&gt;.';
    }else{
        $msg = 'Your account has been made, &lt;br /&gt; please verify it by clicking the activation link that has been sent to your email.';
        $hash = md5(rand(0,1000));
        $hashedpass = password_hash($password, PASSWORD_BCRYPT);
        $sqlinsert = $sql-&gt;prepare("INSERT INTO users (username, password, email, hash, year, termsandconditions) VALUES (:username, :password, :email, :hash, :year, :termsandconditions)");
        $sqlinsert-&gt;execute(array(
            ':username' =&gt; $name,
            ':password' =&gt; $hashedpass,
            ':email' =&gt; $email,
            ':hash' =&gt; $hash,
            ':year' =&gt; $year,
            ':termsandconditions' =&gt; $termsandconditions));
    }
}
</code></pre>
<p>When I try to test this, I always get a $msg output of "That username has already been used, please try another one." (even if I enter a unique username)</p>
<p>Do you see anything wrong? Also, is it possible to bindParam database INSERTs? Thanks!</p>
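An added example, not part of the original question: a duplicate check that reads the fetched row instead of comparing the statement object with FALSE, followed by an INSERT with bound parameters. It assumes an in-memory SQLite database in place of the question's MySQL one; the table layout, `rowExists()` and `register()` are hypothetical names introduced here.

```php
<?php
// Added example. Assumptions: in-memory SQLite stands in for the question's
// MySQL database; the table layout and function names are hypothetical.
$sql = new PDO('sqlite::memory:');
$sql->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
            email TEXT UNIQUE, password TEXT, hash TEXT)');

function rowExists(PDO $sql, string $column, string $value): bool
{
    // Identifiers cannot be bound, so the column comes from a fixed allow-list.
    if (!in_array($column, ['username', 'email'], true)) {
        throw new InvalidArgumentException('unexpected column');
    }
    $stmt = $sql->prepare("SELECT 1 FROM users WHERE $column = :value");
    $stmt->bindParam(':value', $value, PDO::PARAM_STR);
    $stmt->execute();
    // $stmt is a PDOStatement object whether or not a row matched, so
    // comparing it with FALSE says nothing. fetchColumn() returns false
    // only when the result set is empty.
    return $stmt->fetchColumn() !== false;
}

function register(PDO $sql, string $name, string $email, string $password): string
{
    if (rowExists($sql, 'username', $name)) {
        return 'username taken';
    }
    if (rowExists($sql, 'email', $email)) {
        return 'email taken';
    }
    $insert = $sql->prepare('INSERT INTO users (username, email, password, hash)
                             VALUES (:username, :email, :password, :hash)');
    // Binding works on INSERT the same way it does on SELECT.
    $insert->bindValue(':username', $name, PDO::PARAM_STR);
    $insert->bindValue(':email', $email, PDO::PARAM_STR);
    $insert->bindValue(':password', password_hash($password, PASSWORD_BCRYPT), PDO::PARAM_STR);
    // md5(rand(0,1000)) has only 1001 possible values; random_bytes() draws
    // the activation token from the system CSPRNG instead.
    $insert->bindValue(':hash', bin2hex(random_bytes(16)), PDO::PARAM_STR);
    $insert->execute();
    return 'created';
}

// Constructed sample input: a new account, then a reused username, then a reused email.
echo register($sql, 'alice', 'alice@example.edu', 'correct horse'), "\n";
echo register($sql, 'alice', 'other@example.edu', 'x'), "\n";
echo register($sql, 'bob', 'alice@example.edu', 'x'), "\n";
```

The check-then-insert sequence can still race between two concurrent requests; the UNIQUE constraints in the constructed schema are what finally reject a duplicate, which surfaces as a PDOException under `ERRMODE_EXCEPTION`.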
 
