Using PHP and SQLite

Question

I am going to use a small SQLite database to store some data that my application will use.

I cant however get the syntax for inserting data into the DB using PHP to correctly work, below is the code that i am trying to run:

<?php
    $day = $_POST["form_Day"];
    $hour = $_POST["form_Hour"];
    $minute = $_POST["form_Minute"];
    $type = $_POST["form_Type"];
    $lane = $_POST["form_Lane"];

    try
    {
        $db = new PDO('sqlite:EVENTS.sqlite');
        $db->exec("INSERT INTO events (Day, Hour, Minute, Type, Lane) VALUES ($day, $hour, $minute, $type, $lane);");
        $db = NULL;
    }
    catch(PDOException $e)
    {
        print 'Exception : '.$e->getMessage();
    }
?>

I have successfully created a SQLite database file using some code that i wrote but i just cant seem to insert data into the database.

Are you getting an error message of some kind? Can you post the error you're getting? — awgy
– awgy, Commented May 11, 2010 at 3:08

Alex Jasmin · Accepted Answer · 2010-05-11 03:21:32Z

2

You can't simply insert strings inside your query like that. Take a look at PDO::quote() and prepared statements.

edited May 11, 2010 at 3:21

answered May 11, 2010 at 3:07

Alex Jasmin

39.5k7 gold badges80 silver badges68 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

bcosca · Accepted Answer · 2010-05-11 04:13:08Z

0

there's nothing syntactically wrong with this, unless one of the vars ($day, $hour, etc) returns an empty string.

$db->exec("INSERT INTO events (Day, Hour, Minute, Type, Lane) VALUES ($day, $hour, $minute, $type, $lane);");

having said that, i'd be more worried about sql injection because you're applying $_POST variables directly into an sql statement without validation.

answered May 11, 2010 at 4:13

bcosca

17.6k5 gold badges43 silver badges51 bronze badges

Comments

My Other Me · Accepted Answer · 2010-05-11 10:33:39Z

0

You should rather use parametrized queries. Try this:

$db = new PDO('sqlite:EVENTS.sqlite');
$stmnt = $db->prepare("INSERT INTO events (Day, Hour, Minute, Type, Lane) VALUES (:day, :hour, :minute, :type, :lane);");
$stmnt->execute( array('day'=>$day,'hour'=>$hour, 'minute'=>$minute, 'type'=>$type, 'lane'=>$lane) );
$db = NULL;

answered May 11, 2010 at 10:33

My Other Me

5,1276 gold badges45 silver badges49 bronze badges

Comments

newtover · Accepted Answer · 2010-05-11 10:54:40Z

0

You should explicitly commit transactions after the modifying DML statements (INSERT, DELETE, UPDATE) with COMMIT;.

edited May 11, 2010 at 10:54

answered May 11, 2010 at 10:28

newtover

32.2k11 gold badges89 silver badges89 bronze badges

Collectives™ on Stack Overflow

Using PHP and SQLite

4 Answers 4

Comments

Comments

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

Comments

Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related