multi-queries pdo [closed]
I wrote a registering script with PHP, using PDO and password_compat for security reasons. I was using mysqli and md5 but after many problems I decided to switch over.
Now I have a problem that is giving me a headache.
All I want is to produce a multi query and add INSERT INTO faction_logs(Text,player) values(':username s-a inregistrat cu succes. Bun venit!', ':username') after $sql = "INSERT INTO users (name, password) VALUES (:username, :password)";.
But I don't really know how to do it.
<?php
//register.php

error_reporting(E_ALL);
ini_set('display_errors', 1);

/**
 * Start the session.
 */

/**
 * Include ircmaxell's password_compat library.
 */
require '/home/panel/public_html/demo/lib/password.php';

/**
 * Include our MySQL connection.
 */
require 'connect.php';

//If the POST var "register" exists (our submit button), then we can
//assume that the user has submitted the registration form.
if(isset($_POST['register'])){

    //Retrieve the field values from our registration form.
    $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
    $pass = !empty($_POST['password']) ? trim($_POST['password']) : null;

    //TO ADD: Error checking (username characters, password length, etc).
    //Basically, you will need to add your own error checking BEFORE
    //the prepared statement is built and executed.

    //Now, we need to check if the supplied username already exists.

    //Construct the SQL statement and prepare it.
    $sql = "SELECT COUNT(name) AS num FROM users WHERE name = :username";
    $stmt = $pdo->prepare($sql);

    //Bind the provided username to our prepared statement.
    $stmt->bindValue(':username', $username);

    //Execute.
    $stmt->execute();

    //Fetch the row.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    //If the provided username already exists - display error.
    //TO ADD - Your own method of handling this error. For example purposes,
    //I'm just going to kill the script completely, as error handling is outside
    //the scope of this tutorial.
    if($row['num'] > 0){
        die('That username already exists!');
    }

    //Hash the password as we do NOT want to store our passwords in plain text.
    $passwordHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));

    //Prepare our INSERT statement.
    //Remember: We are inserting a new row into our users table.
    $sql = "INSERT INTO users (name, password) VALUES (:username, :password)";
    $stmt = $pdo->prepare($sql);

    //Bind our variables.
    $stmt->bindValue(':username', $username);
    $stmt->bindValue(':password', $passwordHash);

    //Execute the statement and insert the new account.
    $result = $stmt->execute();

    //If the signup process is successful.
    if($result){
        //What you do here is up to you!
        echo 'Thank you for registering with our website.';
    }
}
?>
beginner php mysql pdo
closed as off-topic by Sᴀᴍ Onᴇᴌᴀ, Vogel612♦ Nov 27 at 0:00
This question appears to be off-topic. The users who voted to close gave this specific reason:
- "Code not implemented or not working as intended: Code Review is a community where programmers peer-review your working code to address issues such as security, maintainability, performance, and scalability. We require that the code be working correctly, to the best of the author's knowledge, before proceeding with a review." – Sᴀᴍ Onᴇᴌᴀ, Vogel612
If this question can be reworded to fit the rules in the help center, please edit the question.
What have you tried so far?
– Dharman
Nov 26 at 20:40
@Dharman I tried to use it like $sql = "INSERT INTO users (name, password) VALUES (:username, :password); INSERT INTO etc.. ";
– Carlo Hera
Nov 26 at 20:45
Welcome to Code Review. Unfortunately, we don't provide code, we review code you've written. Depending on your problem, another site of the StackExchange network can help you. Please see our help center for more information.
– Calak
Nov 26 at 23:00
edited Nov 26 at 22:58
asked Nov 26 at 20:33
Carlo Hera
1 Answer
So is this the code which you have used? Why can't I see the insert statement in your source code?
If you wanted to execute both queries using a single execute, then it won't work. Just use the code in its entirety but change the SQL statement and use just a single parameter.
Once you get more advanced, learn about SQL transactions and use them to make sure both your inserts are atomic.
<?php
//register.php

error_reporting(E_ALL);
ini_set('display_errors', 1);

/**
 * Start the session.
 */

/**
 * Include ircmaxell's password_compat library.
 */
require '/home/panel/public_html/demo/lib/password.php';

/**
 * Include our MySQL connection.
 */
require 'connect.php';

//If the POST var "register" exists (our submit button), then we can
//assume that the user has submitted the registration form.
if(isset($_POST['register'])){

    //Retrieve the field values from our registration form.
    $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
    $pass = !empty($_POST['password']) ? trim($_POST['password']) : null;

    //TO ADD: Error checking (username characters, password length, etc).
    //Basically, you will need to add your own error checking BEFORE
    //the prepared statement is built and executed.

    //Now, we need to check if the supplied username already exists.

    //Construct the SQL statement and prepare it.
    $sql = "SELECT COUNT(name) AS num FROM users WHERE name = :username";
    $stmt = $pdo->prepare($sql);

    //Bind the provided username to our prepared statement.
    $stmt->bindValue(':username', $username);

    //Execute.
    $stmt->execute();

    //Fetch the row.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    //If the provided username already exists - display error.
    //TO ADD - Your own method of handling this error. For example purposes,
    //I'm just going to kill the script completely, as error handling is outside
    //the scope of this tutorial.
    if($row['num'] > 0){
        die('That username already exists!');
    }

    //Hash the password as we do NOT want to store our passwords in plain text.
    $passwordHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));

    //Prepare our INSERT statement.
    //Remember: We are inserting a new row into our users table.
    $sql = "INSERT INTO users (name, password) VALUES (:username, :password)";
    $stmt = $pdo->prepare($sql);

    //Bind our variables.
    $stmt->bindValue(':username', $username);
    $stmt->bindValue(':password', $passwordHash);

    //Execute the statement and insert the new account.
    $result = $stmt->execute();

    //If the signup process is successful.
    if($result){
        //What you do here is up to you!
        echo 'Thank you for registering with our website.';
    }

    /*
    Here is your next DB statement
    1. You need to prepare a new SQL statement
    2. Attach the right variable to the statement. PDO allows reusing a named
       parameter while emulated prepares are on (the pdo_mysql default)
    3. Execute your new statement
    4. Check if successful
    */
    //Placeholders must not be wrapped in quotes: inside a string literal,
    //':username' is plain text and cannot be bound. CONCAT() builds the message.
    $sql = "INSERT INTO faction_logs (Text, player) VALUES (CONCAT(:username, ' s-a inregistrat cu succes. Bun venit!'), :username)";
    $stmt = $pdo->prepare($sql);

    //Bind our variables.
    $stmt->bindValue(':username', $username);

    //Execute the statement and insert new entry into faction_logs
    $result = $stmt->execute();

    //If the insertion into faction_logs is successful
    if($result){
        //What you do here is up to you!
        echo 'Thank you for registering with our website.';
    }
}
?>
Welcome to Code Review! You have presented an alternative solution, but haven't reviewed the code. Next time, please explain your reasoning (how your solution works and how it improves upon the original) so that the author can learn from your thought process. As it stands, you have answered a question that's not in scope for this site, which might be a reason for the downvotes on this answer.
– Vogel612♦
Nov 27 at 0:01
edited Nov 26 at 21:00
answered Nov 26 at 20:51
Dharman
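The transaction approach the answer recommends, shown as an added example that is not part of the question or the answerer's code: both INSERTs run as separate prepared statements and are committed or rolled back together. Assumptions: an in-memory SQLite database stands in for the MySQL connection from connect.php so the script runs offline, and the schema, the CHECK constraint and registerUser() are constructed for illustration.

```php
<?php
// Added example: two prepared INSERTs inside one transaction.
// Assumption: in-memory SQLite replaces the page's MySQL connection.

$pdo = new PDO('sqlite::memory:', null, null, [
    // Failures throw PDOException instead of returning false silently.
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    // On a real pdo_mysql connection, also consider:
    //   PDO::ATTR_EMULATE_PREPARES       => false  (server-side prepares)
    //   PDO::MYSQL_ATTR_MULTI_STATEMENTS => false  (disable "stmt1; stmt2" strings)
]);

// Constructed schema. UNIQUE lets the database reject a duplicate name even
// when two requests both pass a SELECT COUNT check at the same moment.
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL
)');
// The CHECK is constructed so the second INSERT can fail in the demo below.
$pdo->exec('CREATE TABLE faction_logs (
    id INTEGER PRIMARY KEY,
    Text TEXT NOT NULL,
    player TEXT NOT NULL CHECK (length(player) <= 24)
)');

/**
 * Hypothetical helper: create the account and its log entry atomically.
 * Returns false when a constraint rejects either row; rethrows other errors.
 */
function registerUser(PDO $pdo, string $username, string $password): bool
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
    // The log text is built in PHP and bound as data, so no placeholder
    // ever sits inside a quoted SQL literal.
    $message = $username . ' s-a inregistrat cu succes. Bun venit!';

    $pdo->beginTransaction();
    try {
        $stmt = $pdo->prepare(
            'INSERT INTO users (name, password) VALUES (:username, :password)'
        );
        $stmt->execute([':username' => $username, ':password' => $hash]);

        // Distinct parameter names: works with emulated and native prepares.
        $stmt = $pdo->prepare(
            'INSERT INTO faction_logs (Text, player) VALUES (:text, :player)'
        );
        $stmt->execute([':text' => $message, ':player' => $username]);

        $pdo->commit();
        return true;
    } catch (PDOException $e) {
        // Undo the users row if the log row could not be written.
        $pdo->rollBack();
        // SQLSTATE 23000: integrity constraint violation.
        if ((string) $e->getCode() === '23000') {
            return false;
        }
        throw $e;
    }
}

// Constructed sample input.
var_dump(registerUser($pdo, 'demo_player', 'constructed-password')); // new account
var_dump(registerUser($pdo, 'demo_player', 'another-password'));     // duplicate name
var_dump(registerUser($pdo, str_repeat('x', 40), 'pw'));             // log INSERT violates CHECK

// Row counts show whether a failed registration left a users row behind.
echo $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), " user row(s), ",
     $pdo->query('SELECT COUNT(*) FROM faction_logs')->fetchColumn(), " log row(s)\n";
```

Run it with `php` and the pdo_sqlite extension enabled; comparing the two row counts after the third call shows the rollback at work.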