pb PHP using mysql prepare statement

fomalhaut

Hello.

I want to use a prepare statement for a MySQL insert statement, but I have the following error:
Parse error: syntax error, unexpected ':' in C:\xampp\htdocs\fomalhaut\gesUtil.php on line 2
I don't really understand how I link this $dbh with my database, which would already be connected?!

PHP:
<?php session_start(); 
  $ins = $dbh->prepare("INSERT INTO ayant-droit (utilisateur, upass, service, creation, limite, RV) VALUES(?, ?, ?, ?, ?, ?)");
  $ins->bindParam(1, $utilAGerer);
  $ins->bindParam(2, $paAGerer1);
  
  $ins->bindParam(3, $servAGerer);
  $ins->bindParam(4, $creDateAGerer);
  $ins->bindParam(5, $revDateAGerer);
  $ins->bindParam(6, $RV);
?>
   <html><head><title>Gestion du mot de passe</title>
<link rel=stylesheet href="Fomalhaut.css" type="text/css">
</head>
<body>
<div class="flot"><center>
<form action="gesUtil.php" method="post">
<fieldset><legend>Cr&eacute;ation d'un utilisateur</legend>
Utilisateur :<br /><input type="text" name="utilAGerer" maxlength="15" value="<?php echo $utilAGerer; ?>" /><br />
Mot de Passe :<br /><input type="password" name="passAGerer1" maxlength="15" /><br />
V&eacute;rification du Mot de Passe :<br /><input type="password" name="passAGerer2" maxlength="15" /><br />
Service :<br /><input type="text" name="servAGerer" maxlength="3" value="000" /><br />
Date de cr&eacute;ation :<br /><input type="text" name="creDateAGerer" maxlength="19" value="<?php echo date("Y-m-d H:i:s"); ?>" /><br />
Date de r&eacute;vocation :<br /><input type="text" name="revDateAGerer" maxlength="19" value="<?php echo "2032-12-31 23:59:59" ?>" /><br />
<input type="submit" name="submit" />
</fieldset>
</form></center>
</div>
<?php
$ut=$_SESSION['util'];   // the user name is passed from page to page via $_SESSION['util']
//This code runs if the form has been submitted
if (isset($_POST['submit'])) {

//This makes sure they did not leave any fields blank
if (!$_POST['utilAGerer'] | !safe($_POST['passAGerer1']) | !safe($_POST['passAGerer2']) | !$_POST['servAGerer'] | !$_POST['creDateAGerer'] | !$_POST['revDateAGerer']) {
  die('Il faut remplir tous les champs !');  }
$utilAGerer = $_POST['utilAGerer'];  
$paAGerer1 = safe($_POST['passAGerer1']);
$paAGerer2 = safe($_POST['passAGerer2']);
$servAGerer = $_POST['servAGerer'];
$creDateAGerer = $_POST['creDateAGerer'];
$revDateAGerer = $_POST['revDateAGerer'];

// this makes sure both passwords entered match
  if ($paAGerer1 != $paAGerer2) {
    die('Vous devez entrer deux fois le <b>m&ecirc;me nouveau mot de passe</b> !');  }

//connect to the database
$con = mysql_connect("localhost", "user**", "pw**");
$db  = "jyc_ayantdroit";
if (!$con) {die('Connection impossible : ' . mysql_error());}
mysql_select_db($db, $con);

// check whether the user to manage already exists
$check = mysql_query("SELECT * FROM ayant_droit WHERE utilisateur = '" . $utilAGerer . "'")
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the user does not exist, create it
if ($check2 == 0) {
  $RV = rand(******);
  $passtowrite = hash('******', $RV . $utilAGerer . $paAGerer1);
  $ins->execute();
  echo 'Cr&eacute;ation effectu&eacute;e';
}
else {
  echo ('maj non encore d&eacute;velopp&eacute;e&nbsp;: seulement pour cr&eacute;ation nouveaux utilisateurs.');
}

}
?>
<br /><a href="index.php">Retour au menu</a>
</body>
</html>
Thank you for your help.
 

descalzo

1.
PHP:
session_start(); 
  $ins = $dbh->prepare("INSERT INTO ayant-droit (utilisateur, upass, service, creation, limite, RV) VALUES(?, ?, ?, ?, ?, ?)");
 
.....
 
  $con = mysql_connect("localhost", "user**", "pw**");
$db  = "jyc_ayantdroit";
if (!$con) {die('Connection impossible : ' . mysql_error());}
mysql_select_db($db, $con);

Where does $dbh come from, especially if you are connecting to the DB later on?

2. And I think you changed something between the error and posting here.
Parse error: syntax error, unexpected ':' in C:\xampp\htdocs\fomalhaut\gesUtil.php on line 2



There is no ':' even close to line 2 and when I cut and paste your code, that parse error does not occur.

Hmmmmmmmm.. Wild guess. 'gesUtil.php' is a file you include, but you did not show the include in what you posted. And gesUtil.php is where you get $dbh. And there is probably a ':' in the first couple of lines of gesUtil.php which is unexpected because there is a missing { or ( or " .
 

misson

descalzo said:
And there is probably a ':' in the first couple of lines of gesUtil.php which is unexpected because there is a missing { or ( or " .

Further guess: there's a colon rather than a semicolon at the end of the line.


PHP:
<?php session_start(); 
  $ins = $dbh->prepare("INSERT INTO ayant-droit (utilisateur, upass, service, creation, limite, RV) VALUES(?, ?, ?, ?, ?, ?)");
  $ins->bindParam(1, $utilAGerer);
  $ins->bindParam(2, $paAGerer1);
  
  $ins->bindParam(3, $servAGerer);
  $ins->bindParam(4, $creDateAGerer);
  $ins->bindParam(5, $revDateAGerer);
  $ins->bindParam(6, $RV);
?>
At this point, none of the variables you're binding params to (e.g. $utilAGerer) are defined. Either move these lines after you set the variables or pass the values to PDO::execute (which you seem to be using):
PHP:
$ins->execute(array($utilAGerer, $paAGerer1, $servAGerer, $creDateAGerer, $revDateAGerer, $RV));

PHP:
<?php 
...
//connect to the database
$con = mysql_connect("localhost", "user**", "pw**");
$db  = "jyc_ayantdroit";
if (!$con) {die('Connection impossible : ' . mysql_error());}
mysql_select_db($db, $con);

// check whether the user to manage already exists
$check = mysql_query("SELECT * FROM ayant_droit WHERE utilisateur = '" . $utilAGerer . "'")
or die(mysql_error());
Don't neglect to prepare this query using the same connection you used for the INSERT.

There should be only one line in one script that's responsible for creating a DB connection. The more scripts contain user credentials, the more files there are for you to secure and the greater chance of typos screwing things up. Reduce critical code repetition.

die() is a bad choice, both here and when you test that all user input is defined. Use an "if {...} else {...}" statement or exceptions. You can configure PDO to throw exceptions when errors occur:
PHP:
$dbh = new PDO("mysql:host=localhost;dbname=$dbname", 'username', 'password');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 
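The arrangement discussed in this thread (connect once, before any prepare(), with PDO exceptions enabled and both the SELECT and the INSERT prepared on that connection), as an added example that is not code from any poster here. Assumptions: the table is spelled ayant_droit as in the SELECT, an in-memory SQLite database stands in for MySQL so the script runs offline, and password_hash() replaces the redacted rand()/hash() calls, which makes the RV column unnecessary.

```php
<?php
// Added example. connect() and createUser() are hypothetical names.

// The one place a connection is created; other pages would include this file.
function connect(): PDO {
    // For MySQL, swap the DSN: "mysql:host=localhost;dbname=jyc_ayantdroit;charset=utf8mb4"
    $dbh = new PDO('sqlite::memory:');
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $dbh;
}

// Returns true if the user was created, false if the name is already taken.
function createUser(PDO $dbh, string $util, string $pass, string $serv,
                    string $creation, string $limite): bool {
    // The existence check is a prepared statement too, on the same connection.
    $check = $dbh->prepare('SELECT COUNT(*) FROM ayant_droit WHERE utilisateur = ?');
    $check->execute([$util]);
    if ((int) $check->fetchColumn() !== 0) {
        return false;
    }
    // Store the derived hash, never the raw password; the salt lives inside it.
    $hash = password_hash($pass, PASSWORD_DEFAULT);
    $ins = $dbh->prepare(
        'INSERT INTO ayant_droit (utilisateur, upass, service, creation, limite)
         VALUES (?, ?, ?, ?, ?)');
    // Values are handed over at execute() time, once they actually exist.
    $ins->execute([$util, $hash, $serv, $creation, $limite]);
    return true;
}

try {
    $dbh = connect();   // $dbh must exist before the first prepare()
    // Constructed schema; PRIMARY KEY also rejects a duplicate that slips past the check.
    $dbh->exec('CREATE TABLE ayant_droit (utilisateur TEXT PRIMARY KEY, upass TEXT,
                service TEXT, creation TEXT, limite TEXT)');
    // Constructed input: the apostrophe would break the concatenated SELECT.
    $name = "O'Brien";
    var_dump(createUser($dbh, $name, 'pw-1', '000', '2024-01-01 00:00:00', '2032-12-31 23:59:59'));
    var_dump(createUser($dbh, $name, 'pw-2', '000', '2024-01-01 00:00:00', '2032-12-31 23:59:59'));
    $row = $dbh->query('SELECT utilisateur, upass FROM ayant_droit')->fetch(PDO::FETCH_ASSOC);
    var_dump($row['utilisateur'] === $name, password_verify('pw-1', $row['upass']));
} catch (PDOException $e) {
    error_log($e->getMessage());   // details go to the log, not to the browser
    echo 'Database error';
}
```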

fomalhaut

Hello

I'm very ashamed of myself, sheepish, and confused !!!! :dunno:

The error message I gave was not the one corresponding to the code I joined !

Sorry...

descalzo said:
There is no ':' even close to line 2 and when I cut a paste your code, that parse error does not occur.

Descalzo, you're right ! this isn't the good message ! The real message was :

Fatal error: Call to a member function prepare() on a non-object in C:\xampp\htdocs\fomalhaut\gesUtil.php on line 2
However, I've not poured down too much whisky in my milk, that morning ! :drool:

But this is now resolved :

I had misplaced the db connect, which was badly written !

I've written it now before the "prepare" statement, with your example, Misson... and of course, that works fine !!!

I thought the dbconnect made in the previous php file was enough !

Descalzo, Misson, thank you very much again and forgive me for my drivel !
 