0

I have a SQL query:

if($stmt = $connection->prepare("INSERT INTO users(login, passwd, logged, register, last_login) VALUES(:login, :passwd, FALSE, NOW(), NULL")) {
    $stmt->bindValue(':login', $login, PDO::PARAM_STR);
    $stmt->bindValue(':passwd', md5($passwd), PDO::PARAM_STR);
    $stmt->execute();
    $stmt->close();
} else {
    echo "query error <b>".$connection->error."</b><br>";
}

and it returns this error:

Connection error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ':login, :passwd, FALSE, NOW(), NULL' at line 1

How can I fix it?

I am using MariaDB on Linux Fedora.

Improve this question
3
  • 2
    You sure it's connected with PDO, and not MySQLi? Commented Feb 7, 2017 at 2:02
  • Yes, sorry You are right, I changed title. Commented Feb 7, 2017 at 2:06
  • 1
    bindValue is PDO, mysqli only has unnamed placeholders. Commented Feb 7, 2017 at 2:08

2 Answers 2

Reset to default
3

That error indicates that you're using a MySQLi connection, and not a PDO one. If this is true, you have a few errors here - as PDO and MySQLi doesn't mix.

MySQLi doesn't offer named placeholders (like :placeholder, as PDO does), so you'll have to use ? instead. Furthermore, the MySQLi uses bind_param() and not bindValue() (which is a PDO function).

The code for MySQLi would look like this

if ($stmt = $connection->prepare("INSERT INTO users(login, passwd, logged, register, last_login) VALUES(?, ?, FALSE, NOW(), NULL)")) {
    $password = md5($passwd);
    $stmt->bind_param('ss', $login, $password);
    $stmt->execute();
    $stmt->close();
} else {
    echo "query error <b>".$connection->error."</b><br>";
}

There was also a ) missing at the end of your query, which I have added in the snippet above.

It's also worth noting that md5() isn't a good function to store passwords with. PHP offers password_hash() with password_verify() which you should use instead. The manual holds examples for those functions.

It's also worth noting that errors should only be displayed like that in development. For live versions, you shouldn't be displaying such errors, as they can be exploited.

References

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks man! It helped. It looks like I need to read about pdo and mysli differences ;)
Yes, the mysql libraries doesn't mix ;-) Even though some functions are very similar to one another. I recommend you learn both MySQLi and PDO, and use the one you find the easiest to work with, but there's certainly nothing wrong with using MySQLi as long as you bind your variables like that. Cheers
0

Missing end of brackets at VALUES()

VALUES(:login, :passwd, FALSE, NOW(), NULL
VALUES(:login, :passwd, FALSE, NOW(), NULL)
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.