if(isset($_POST["submit"])){
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$query="UPDATE cars321 SET vr_uzi=NOW() WHERE vr_uzi=0000-00-00 00:00:00";
$query="UPDATE cars321 SET vr_vraca=NOW() WHERE vr_vraca=0000-00-00 00:00:00";
/*?><?php$sql = "INSERT INTO cars321(start_date,end_date,cars,Location_of_renting,vr_uzi,Location_of_returning,vr_vraca)
VALUES ('".$_POST["start_date"]."','".$_POST["end_date"]."','".$_POST["cars"]."','".$_POST["Location_of_renting"]."','".$_POST["vr_uzi"]."',
'".$_POST["Location_of_returning"]."','".$_POST["vr_vraca"]."')";<?php?> */
$_SESSION["start_date"] = $_POST["start_date"]; //Set username
echo $_SESSION["start_date"]; //Output the session username
this is first page
second page
$host = "localhost";
//MySQL Database user name.
$login = "";
//Password for MySQL.
$dbpass = "";
//MySQL Database name.
$dbname = "23";
//Establish a connection
$db = new PDO("mysql:host=localhost;dbname=$dbname", "$login", "$dbpass");
//Add session_start to top of each page//
session_start();
if (isset($_POST['cmd'])){
$_SESSION["start_date"] = $_POST["start_date"]; //Set username
$query = $db->prepare("INSERT INTO cars123.user1(start_date) VALUES(:start_date)");
$query->bindParam(":start_date", $_SESSION['start_date']);
$query->execute();
Fatal error : Uncaught PDOException: SQLSTATE[HY000] [1044] Access denied for user ââ@âlocalhostâ to database âcars123â in C:\xampp\htdocs\carbooking3\16 y\Sucess2.php:69 Stack trace: #0 C:\xampp\htdocs\carbooking3\16 y\Sucess2.php(69): PDO->__construct(âmysql:host=locaâŚâ) #1 {main} thrown in
cant insert in db getting error
Thatâs not how PHP works. You are writing code for PHP, notXAMPP. It makes no sense to do
"$variable"
When doing just
$variable
Returns the EXACT value with less spaghetti code to work with. The only reason to wrap double quotes around variables is when you have a string that needs to be continued. For instance,
$variable = "My name is: $first_name";
Thatâs the ONLY reason to actually be wrapping double quotes around variables. But if you just have a single variable with nothing on the left nor right side, it makes absolutely no sense to be wrapping double quotes around it. This just introduces more mistakes for errors. For instance, what if someone on here tells you to convert double quotes to single quotes? Then this line will change too. The end result will be the literal $first_name as the result and not Johnny as the end result. So please stop wrapping double quotes where you really donât need them.
Removing double quotes from the variables arenât going to change anything. What I was trying to get at is that itâs supposed to reduce redundant uses of double quotes. Your next task should be to choose either mysqli_* or PDO. You should stop making things harder for yourself.
Yes, but that doesnât matter since that isnât what you are working on right now. You need to stop making things harder for yourself. Either pick mysqli_* or PDO. Stop making 1 file use PDO and 1 file use mysqli_*. Youâre just going to run into problems just like this one.
The ârootâ user is like a super-admin. For working on localhost the amount of damage a bad query can do is limited to the localhost.
Where non-root users is important is live sites. For example, it could be wise to create a user that has only SELECT permission so they canât do INSERT, UPDATE, DELETE, etc.
Unfortunately, to be able to create other users, GRANT permission is required and AFAIK, for shared hosts the host is the super-admin and does not give the GRANT permission to those that are sharing.
This can make writing secure code more difficult when a shared host, but no less important.