Insertion of data into database using php

0
votes

I'm new to php I have created a php form that will insert data into the database my database name is Emp and the table name is info. I'm inserting using PDO. I have written a code to do this and it is getting executed without catching any errors, but the database is still empty. I have posted my code below please tell me what I'm doing wrong.

<?php
    try{
        echo $_POST['name'].", ".$_POST['age'].", ".$_POST['email'].", ".$_POST['name'].", ".$_POST['country'].", ". $_POST['city'] ;
        $user="root";
        $pass="root123";
                    $con=new PDO('mysql:host=localhost;dbname=Emp', $user, $pass);
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        $con->beginTransaction();
        //echo "INSERT INTO info(Empid,Ename,Age,Email,Country,City,Salary) VALUES('".$_POST['eid']."','".$_POST['name']."','".$_POST['age']."','".$_POST['email']."','".$_POST['country']."','".$_POST['city']."','".$_POST['salary']."')";
        $num=$con->exec("INSERT INTO info(Empid,Ename,Age,Email,Country,City,Salary) VALUES('".$_POST['eid']."','".$_POST['name']."','".$_POST['age']."','".$_POST['email']."','".$_POST['country']."','".$_POST['city']."','".$_POST['salary']."')");
        echo "<br>".$num." row added succesfully"; // this is displayed when I execute this but database is empty.
    }
    catch(Exception $e)
    {
        echo 'Exception -> ';
        var_dump($e->getMessage());
    }
    ?>
3
phpmysqlpdo
what happens when you run this query directly into your database? - zzlalani
You're starting a transaction with beginTransaction(), but it won't appear on the database until you finalise the transaction with commit() - user1864610
Mike is right, you need to commit @user2655318 - zzlalani
Additional note: please read the paragraph on PDO and bound parameters in this document to avoid SQL injectin: phptherightway.com/#databases - herrjeh42

3 Answers

2
votes

Since you have used beginTransaction(), you have to commit the changes. Add

$con->commit();

Reference: PHP Manual

Note: Even though you are using PDO, you are still interpolating HTTP Request values without sanitization, that could be bad

1
votes

All you need to do is to commit and/or rollBack your code

<?php
    try{
        .
        . code
        .
        $con->beginTransaction();
        .
        . code
        .
        $num=$con->exec("INSERT INTO info (Empid,Ename,Age,Email,Country,City,Salary) VALUES('".$_POST['eid']."','".$_POST['name']."','".$_POST['age']."','".$_POST['email']."','".$_POST['country']."','".$_POST['city']."','".$_POST['salary']."')");
        $con->commit(); // This is missing
    }
    catch(Exception $e)
    {
        var_dump($e->getMessage());
        $con->rollBack(); //  And this is missing
    }
?>
1
votes

you either have to commit or rollback the transaction ..

changes made to the database via the PDO transactions are not committed until you end the transaction by calling PDO::commit() or Calling PDO::rollBack()

<?php
try{
    echo $_POST['name'].", ".$_POST['age'].", ".$_POST['email'].", ".$_POST['name'].", ".$_POST['country'].", ". $_POST['city'] ;
   ...
  $con->beginTransaction();
  ....
   $con->commit();
}
catch(Exception $e)
{
    echo 'Exception -> ';
    var_dump($e->getMessage());
     $con->rollBack();
}
?>