Insert into db with session

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);

 $query="UPDATE cars321  SET vr_uzi=NOW() WHERE vr_uzi=0000-00-00 00:00:00";
   $query="UPDATE cars321  SET vr_vraca=NOW() WHERE vr_vraca=0000-00-00 00:00:00";

 /*?><?php$sql = "INSERT INTO cars321(start_date,end_date,cars,Location_of_renting,vr_uzi,Location_of_returning,vr_vraca)
VALUES ('".$_POST["start_date"]."','".$_POST["end_date"]."','".$_POST["cars"]."','".$_POST["Location_of_renting"]."','".$_POST["vr_uzi"]."',
'".$_POST["Location_of_returning"]."','".$_POST["vr_vraca"]."')";<?php?> */

  $_SESSION["start_date"] = $_POST["start_date"]; //Set username

echo $_SESSION["start_date"]; //Output the session username

this is first page

second page

$host = "localhost";
//MySQL Database user name.	
$login = "";
//Password for MySQL.
$dbpass = "";
//MySQL Database name.
$dbname = "23";
//Establish a connection
$db = new PDO("mysql:host=localhost;dbname=$dbname", "$login", "$dbpass");
//Add session_start to top of each page//
if (isset($_POST['cmd'])){
  $_SESSION["start_date"] = $_POST["start_date"]; //Set username

	$query = $db->prepare("INSERT INTO cars123.user1(start_date) VALUES(:start_date)");
	$query->bindParam(":start_date", $_SESSION['start_date']);


Fatal error : Uncaught PDOException: SQLSTATE[HY000] [1044] Access denied for user ‘’@‘localhost’ to database ‘cars123’ in C:\xampp\htdocs\carbooking3\16 y\Sucess2.php:69 Stack trace: #0 C:\xampp\htdocs\carbooking3\16 y\Sucess2.php(69): PDO->__construct(‘mysql:host=loca…’) #1 {main} thrown in
cant insert in db getting error

You didn’t pass a username to the PDO object

how can i do it it is start_date

Right here. Plus, you should stop wrapping double quotes around variables. It makes absolutely no sense when you can just use the variable.

1 Like

i am using xampp no pass just username and hostname needed

That’s not how PHP works. You are writing code for PHP, not XAMPP. It makes no sense to do


When doing just


Returns the EXACT value with less spaghetti code to work with. The only reason to wrap double quotes around variables is when you have a string that needs to be continued. For instance,

$variable = "My name is: $first_name";

That’s the ONLY reason to actually be wrapping double quotes around variables. But if you just have a single variable with nothing on the left nor right side, it makes absolutely no sense to be wrapping double quotes around it. This just introduces more mistakes for errors. For instance, what if someone on here tells you to convert double quotes to single quotes? Then this line will change too. The end result will be the literal $first_name as the result and not Johnny as the end result. So please stop wrapping double quotes where you really don’t need them.

1 Like

ok oki

i did change nothing happened

i lifted if (isset($_POST[‘cmd’])){ on top no errors but no inserting

I’m sure it has been mentioned before that this is not the correct way to check that a form has been submitted…

1 Like

I’m confused by your example code. To connect to MySQL you need

  • host - where the database is
  • user - (default is “root”)
  • password - (default is “”)
  • database - which database to connect to

The first example is missing a value for the database name. The second example is missing a value for the user name.

Don’t confuse “not needing a non-default value” as being the same as “not needing a value”.

1 Like

Removing double quotes from the variables aren’t going to change anything. What I was trying to get at is that it’s supposed to reduce redundant uses of double quotes. Your next task should be to choose either mysqli_* or PDO. You should stop making things harder for yourself.

$db = new PDO(“mysql:host=localhost;dbname=$dbname”, “$login”, “$dbpass”);do i need chnge anything here put root

Before a year ago i used mysql

Yes, but that doesn’t matter since that isn’t what you are working on right now. You need to stop making things harder for yourself. Either pick mysqli_* or PDO. Stop making 1 file use PDO and 1 file use mysqli_*. You’re just going to run into problems just like this one.


The “root” user is like a super-admin. For working on localhost the amount of damage a bad query can do is limited to the localhost.

Where non-root users is important is live sites. For example, it could be wise to create a user that has only SELECT permission so they can’t do INSERT, UPDATE, DELETE, etc.

Unfortunately, to be able to create other users, GRANT permission is required and AFAIK, for shared hosts the host is the super-admin and does not give the GRANT permission to those that are sharing.

This can make writing secure code more difficult when a shared host, but no less important.


This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.