PHP PDO Binded variables empty?

Pelvis · 22-02-2017 6:17pm #1

I'm trying to insert some values into a table and for some reason when binding my named parameters all I get are empty strings.

[PHP]
$conn = 'mysql:host=' . $hn . ';dbname=' . $db . '';
$user = $un;
$pass = $pw;

$PDO = new PDO($conn, $user, $pass);
$PDO->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

$STH = $PDO->prepare("INSERT INTO table (reason_id, account_no, amount, created_at, company_id, user_id)
VALUES (':reason', ':accref', ':amount', ':date', ':company', ':user')");

$company = sanitizeString($_POST);
$reason = sanitizeString($_POST);
$accref = sanitizeString($_POST);
$amount = sanitizeString(number_format(round($_POST, 2), 2, '.', ''));
$date = sanitizeString(date('Y-m-d H:i:s'));
$user = sanitizeString($_SESSION);

$STH->bindValue(':reason', $reason, PDO::PARAM_INT);
$STH->bindValue(':accref', $accref, PDO::PARAM_STR);
$STH->bindValue(':amount', $amount, PDO::PARAM_STR);
$STH->bindValue(':date', $date, PDO::PARAM_STR);
$STH->bindValue(':company', $company, PDO::PARAM_INT);
$STH->bindValue(':user', $user, PDO::PARAM_INT);
$result = $STH->execute();

if ($result) {
echo 1;
}[/PHP]

In the case of :accref, the string ":accref" is inserted into the table.

I just echo the sanitized variables I can see that they are there!

Anyone any ideas?

Thanks.

Pelvis · 22-02-2017 7:37pm

Never mind. I am an idiot.

Spoiler

remove single quotes from query

PHP PDO Binded variables empty?

Comments