
I'm kinda new to the whole php/mysql thingy, and thought I would like to start off with what I understand is the best standard for DB security (PDO).

In that case I want to upload the information entered in my form to my database. I've gotten it to work using MySQL, but I'm having a hard time understanding these errors and syntaxes.

DB connection:

<?php
$host = "localhost";
$dbuser = "root";
$dbpassword = "";
$dbname   = "wwm";

// Creates the connection and check if it sucessfully connected. 
    try 
    {
        $conn = new PDO("mysql:host=$host;dbname=$dbname", $dbuser, $dbpassword);

        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
        echo 'Connected to Database';
    }
    catch(PDOException $e)
    {
        echo $e->getMessage();
    }
?>

Here is how I've understood the process of uploading the information to my MySQL database using PDO:

<?php        
include 'connect.php';

//So this code will run if user did submit the form:
if (!empty($_POST))
{   
        $statement = $conn->prepare("INSERT INTO users(first_name, sur_name, email, password, role, region, survey) VALUES (:fname, :lname, :email, :password', :role, :region, :survey)");

        $statement->bindParam(':fname', $_POST['fname']);
        $statement->bindParam(':lname', $_POST['lname']);
        $statement->bindParam(':email', $_POST['email']);

//do i use mb5 for password, or is there another way to increase password security? 
        $statement->bindParam(':password', md5($_POST['password']));
        $statement->bindParam(':role', $_POST['role']);
        $statement->bindParam(':region', $_POST['region']);
        $statement->bindParam(':survey', $_POST['survey']);
        $statement->execute();
}
?>  

I use `$_POST['example']` in order to access my variables within the form, maybe there is another approach to this?

Here is one of the errors I keep getting:

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Artist', 'South America', 'Colleague')' at line 1 in C:\xampp\htdocs\WWM\register.php:21 Stack trace: #0 C:\xampp\htdocs\WWM\register.php(21): PDOStatement->execute() #1 {main} thrown in C:\xampp\htdocs\WWM\register.php on line 21

Thanks!

  • `:password'` should be `:password` – Masivuye Cokile Dec 01 '17 at 12:07
  • `//do i use mb5 for password, or is there another way to increase password security?` No you don't use `MD5()` php have `password_hash()` and `password_verify()` see [Secure hash and salt for PHP passwords](https://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords) – Masivuye Cokile Dec 01 '17 at 12:09
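A corrected version of the register code, added here as an example that is not part of the original question or comments: it removes the stray quote after `:password` (the cause of the 1064 error) and replaces `md5()` with `password_hash()`/`password_verify()` as the second comment recommends. It assumes the same `connect.php`/`$conn`, table and form field names as the question, and that the `users.password` column is wide enough (e.g. VARCHAR(255)) to hold a `password_hash()` result.

```php
<?php
include 'connect.php'; // provides $conn with PDO::ERRMODE_EXCEPTION set, as in the question

function registerUser(PDO $conn, array $post): bool
{
    // Field names match the form in the question; reject incomplete submissions
    // rather than inserting empty strings into the users table.
    $required = ['fname', 'lname', 'email', 'password', 'role', 'region', 'survey'];
    foreach ($required as $field) {
        if (!isset($post[$field]) || $post[$field] === '') {
            return false;
        }
    }

    // Every placeholder is bare (:password, not :password'). The driver quotes the
    // bound values itself, so no quotes belong inside the SQL text.
    $sql = "INSERT INTO users (first_name, sur_name, email, password, role, region, survey)
            VALUES (:fname, :lname, :email, :password, :role, :region, :survey)";
    $statement = $conn->prepare($sql);

    // password_hash() produces a salted hash (bcrypt with PASSWORD_DEFAULT);
    // the plaintext password is never written to the database.
    $hash = password_hash($post['password'], PASSWORD_DEFAULT);

    $statement->bindValue(':fname',    $post['fname'],  PDO::PARAM_STR);
    $statement->bindValue(':lname',    $post['lname'],  PDO::PARAM_STR);
    $statement->bindValue(':email',    $post['email'],  PDO::PARAM_STR);
    $statement->bindValue(':password', $hash,           PDO::PARAM_STR);
    $statement->bindValue(':role',     $post['role'],   PDO::PARAM_STR);
    $statement->bindValue(':region',   $post['region'], PDO::PARAM_STR);
    $statement->bindValue(':survey',   $post['survey'], PDO::PARAM_STR);
    return $statement->execute();
}

function loginUser(PDO $conn, string $email, string $password): bool
{
    $statement = $conn->prepare("SELECT password FROM users WHERE email = :email");
    $statement->bindValue(':email', $email, PDO::PARAM_STR);
    $statement->execute();
    $row = $statement->fetch(PDO::FETCH_ASSOC);
    // password_verify() re-hashes the submitted password with the salt stored in
    // the hash and compares in constant time; no plaintext is stored or compared.
    return $row !== false && password_verify($password, $row['password']);
}

if (!empty($_POST)) {
    echo registerUser($conn, $_POST) ? 'Registered' : 'Missing form fields';
}
```

Because `$conn` uses `PDO::ERRMODE_EXCEPTION`, a failed insert still throws a `PDOException`; catch it in the calling page rather than echoing the raw driver message to users.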
