Good morning everyone
I am trying to update the table with the new quantity selected, when I run the following function, however, I get this error:
Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in C:\xampp\htdocs\php_Assessments\shoppingList\model\functions_products.php:11 Stack trace: #0 C:\xampp\htdocs\php_Assessments\shoppingList\model\functions_products.php(11): PDOStatement->execute() #1 C:\xampp\htdocs\php_Assessments\shoppingList\controller\product_update_process.php(21): update_item('57', '3', '1') #2 {main} thrown in C:\xampp\htdocs\php_Assessments\shoppingList\model\functions_products.ph
Function to update the quantity, function_products.php:
<?php
function update_item($soldID, $orderedQuantity, $itemQuantity)
{
global $conn;
$sql = "UPDATE shopping_items.sold SET orderedQuantity = :itemQuantity WHERE soldID = :soldID";
$statement = $conn->prepare($sql);
$statement->bindValue(':soldID', $soldID);
$statement->bindValue(':orderedQuantity', $orderedQuantity);
$statement->bindValue(':itemQuantity', $itemQuantity);
$result = $statement->execute();
$statement->closeCursor();
return $result;
}
?>
product_update_process.php
<?php
// Require database connection
require('connection.php');
// Require function
require_once("../model/functions_products.php");
// Fetch the data required
$soldID = $_GET['soldID'];
$itemQuantity = $_POST['itemQuantity'];
$orderedQuantity = $_POST['orderedQuantity'];
if(empty($itemQuantity)) {
echo '<script type="text/javascript">alert("The quantity is required.")</script>' ;
// Redirect the browser window back to the add customer page
echo "<script>setTimeout(\"location.href = '../index.php';\",2000);</script>";
} else {
//call the update_item() function
$result = update_item($soldID, $itemQuantity, $orderedQuantity);
// Redirect the browser window back to the admin page
header("location: ../index.php");
}
?>
What could be the issue here?
Thanks for your assistance.
To add to #TangentiallyPerpendicular's comment, why are you binding to :orderedQuantity? This variable is not being used in your SQL statement, even though you have told the SQL engine to expect the variable. The column doesn't need to be a variable in order pass a variable to it.
Related
I am having issues using a prepared insert statement.
The script is supposed to read the contents of the .txt file and insert the data into the corresponding columns in my database. Here is the error I keep getting when trying to insert.
Fatal error: Uncaught mysqli_sql_exception: Column 'propertyName' cannot be null in C:\xamppp\htdocs\php7\propertyUpload.php:19 Stack trace: #0 C:\xamppp\htdocs\php7\propertyUpload.php(19): mysqli_stmt_execute(Object(mysqli_stmt)) #1 {main} thrown in C:\xamppp\htdocs\php7\propertyUpload.php on line 19
BTW: The contents of the .txt are in an array like so:
TEST1000, PROPERTY1
TEST2000, PROPERTY2
TEST3000, PROPERTY3
<?php
include 'config.php';
if (empty($_SERVER['HTTP_REFERER']))
{
header('Location: ""');
exit;
}
ini_set("auto_detect_line_endings", true);
$open = fopen('test22-7-18.txt','r');
while (!feof($open))
{
$getTextLine = fgets($open);
$explodeLine = explode(",",$getTextLine);
list($accountCode,$propertyName) = $explodeLine;
$sql = "INSERT INTO properties (accountCode, propertyName) values(?, ?)";
if ($stmt = mysqli_prepare($link, $sql))
{
mysqli_stmt_bind_param($stmt,"ss",$accountCode, $propertyName);
(mysqli_stmt_execute($stmt));
}
}
fclose($open);
?>
However, when I change my code to this the contents are inserted correctly:
<?php
include 'config.php';
if (empty($_SERVER['HTTP_REFERER']))
{
header('Location: ""');
exit;
}
ini_set("auto_detect_line_endings", true);
$open = fopen('test22-7-18.txt','r');
while (!feof($open))
{
$getTextLine = fgets($open);
$explodeLine = explode(",",$getTextLine);
list($accountCode,$propertyName) = $explodeLine;
$sql = "INSERT INTO properties (accountCode, propertyName) values(? , '$propertyName')";
if ($stmt = mysqli_prepare($link, $sql))
{
mysqli_stmt_bind_param($stmt,"s",$accountCode);
(mysqli_stmt_execute($stmt));
}
}
fclose($open);
?>
Is the second script open to SQL injection, if not could I leave it as is? Does anyone know why I can't get the first statement to work?
The value of $propertyName is null, but the propertyName column in the table is declared NOT NULL.
This is most likely due to your incorrect use of while(!feof($open)), which causes you to call fgets() an extra time at the end of the file. This sets $getTextLine to false, and explode() returns [""], so $bar is set to null (there's probably also an "Undefined offset" warning that you're not printing).
When you use string substitution null expands to an empty string, so you're inserting an empty string in that row. This prevents the error, but you're probably not getting the desired result, since it inserts an extra row with empty values.
Use
while ($getTextLine = fgets())
as your looping criteria instead of while (!feof($getTextLine))
I'm trying to do something fairly complicated but I hope it makes sense in text.
So I have a link on a page which take me to post.php?postid=3
In my database there is a a field which is integer called camp_id. When for example I'm on a post which has the field camp_id with a value of 1, I want to display everything in the table that has the value of 1 in that field.
If I change the URL to post.php?postid=2 and that post has a camp_id of say 4, I would display a list of everything that has a camp_id of 4.
Anyway here is my code below and the current error at the bottom.
Here is my function:
public function getartfromcamp($campid)
{
$con = $this->db->OpenCon();
$campid = $con->real_escape_string($campid);
$stmt = "SELECT * from post WHERE camp_id = '$campid'";
$relatedlinks = $con->query($stmt);
if ($relatedlinks->num_rows > 1) {
$sql = $relatedlinks;
} else {
$sql = "No article";
echo "";
}
$this->db->CloseCon();
return $sql;
}
Here is the code on the page:
include 'postclass.php';
$postid = $_GET['postid'];
$article = new Post();
$relatedlinks = $article->getartfromcamp($postid);
?>
<div class='row'>
<?php
while ($row = $relatedlinks->fetch_assoc()) {
?>
<ul>
<ul>
<li><?php echo $row['article_name'];?></li>
</ul>
It seems to work with postid=1 but when I change it to something else I get the error below:
Fatal error: Uncaught Error: Call to a member function fetch_assoc()
on string in
C:\inetpub\wwwroot\local.test.co.uk\blog-example\camp1.php:18 Stack
trace: #0 {main} thrown in
C:\inetpub\wwwroot\local.test.co.uk\blog-example\camp1.php on line 18
Line: 18:
while ($row = $relatedlinks->fetch_assoc()) {
In function getartfromcamp, you are returning $sql string, instead of the connection object, when there is no result.
In this particular case, no result is coming, hence string is being returned. So it throws out error, as you are trying to run fetch_assoc on a string. You should let the function return connection object only, even if there are no rows being returned.
Change to following:
public function getartfromcamp($campid)
{
$con = $this->db->OpenCon();
$campid = $con->real_escape_string($campid);
$stmt = "SELECT * from post WHERE camp_id = '$campid'";
$relatedlinks = $con->query($stmt);
$this->db->CloseCon();
return $relatedlinks;
}
SideNote: You should switch to Prepared statements, to prevent SQL injection related issues.
I'm trying to return a row from a database by calling a stored procedure throught PHP. However, when I do this how I normally would I get a "General Error".
Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error in C:\xampp\htdocs\Skilaverkefni 4\Courses\read.php:11
Stack trace:
#0 C:\xampp\htdocs\Skilaverkefni 4\Courses\read.php(11): PDOStatement->fetchAll(2)
#1 C:\xampp\htdocs\Skilaverkefni 4\index.php(13): ReadCourse('FOR3L3U')
#2 {main}
thrown in C:\xampp\htdocs\Skilaverkefni 4\Courses\read.php on line 11
Here is the code:
<?php
function ReadCourse($courseID)
{
require "dbCon.php";
$SQL = "SET #p0='" . $courseID . "'; CALL ReadCourse(#p0);";
echo "$SQL";
$logon = $pdo->prepare($SQL);
$logon->execute();
$records = $logon->fetchAll(PDO::FETCH_ASSOC);
print_r($records);
}
?>
After a long Google-session I found out that the issue is most caused by the way I'm handling the reading of the data returned from the stored procedure, how do I do this correctly?
The whole point of PDO is to make it impossible to run any old database query you choose to pass as a string.
From the documentation:
<?php
/* Call a stored procedure with an INOUT parameter */
$colour = 'red';
$sth = $dbh->prepare('CALL puree_fruit(?)');
$sth->bindParam(1, $colour, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT, 12);
$sth->execute();
print("After pureeing fruit, the colour is: $colour");
?>
I am trying to a PDO using the following code:
<?php
include('connection.php');
# cartexe.php will perform all actions on cart.php
// add Item to Cart
if(isset($_POST['addItemToCart']))
{
// initialize index.php variables
$productName = $_POST['productName'];
$price = $_POST['price'];
$description = $_POST['description'];
// check the cart table to see if the product has been previously added
$smtp = $conn->prepare('SELECT Quantity FROM cart WHERE Product Name = :product'); // prepare a statement to fetch the quantity for a particular product... the statement is not executed but merely prepared to do so.
$smtp->bindParam(':product', $productName, PDO::PARAM_STR); //bind the productName with whatever data supplied hence the statement after : above will be replaced with the actually data.. In additional the statement is set as string hence PDO::PRAM_STR
$smtp->execute();//finally run the statment
$result = $smtp->fetch(PDO::FETCH_NUM);
if($result > 0)
{
echo " DATA FOUND";
}
else
{
echo ' No data founded';
}
}
?>
But I keep getting the error below. I have tried several different methods but none of them worked.
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: parameter was not defined'
Wrap your column name in backticks since it contains a space
WHERE `Product Name`
having used $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); right after the connection is opened, would have signaled an error.
Another option is to use an underscore between the words while renaming/altering your column to Product_Name
WHERE Product_Name ...
An insight:
Also make sure your form element is indeed named.
I.e.:
<input type="text" name="productName">
Using error reporting and placed at the top of your file(s):
error_reporting(E_ALL);
ini_set('display_errors', 1);
would signal (other) possible errors also, should it be the case.
I have index.php page and in the title tag I have something like this:
<title><?php echo getBasic('title'); ?></title>
And it's returning the following error:
Fatal error: Call to a member function bind_param() on a non-object in C:\Program Files\WAMP\www\Filmovi\modules\database\dbcon.php on line 12
And in dbcon.php included on the top of the index with require_once('modules/database/dbcon.php') I have this:
function getBasic($type){
global $db;
$sql='SELECT content FROM a853_filmovi WHERE type = ?';
$stmt = $db->prepare($sql);
$stmt->bind_param('s',$type); <-- Line 12
$stmt->execute();
$stmt->bind_result($content);
return $content;
}
On the line number 3 I have this:
$public = getBasic('public');
and it's working perfectly.
By the way, this worked and showed the title properly and then stopped working because of an uknown reason. I don't get it how is it working with getBasic('public') but not with the title. I have a record with the type 'title' in the database so that's not a problem.
Thanks in advance.
Errors like this happen because you are not checking return values before using them.
In this case the error happens because $db->prepare($sql) fails, returns false, and then you use it as if it is a statement (stmt) object.
Check your return values before using them:
$stmt = $db->prepare($sql);
if ($stmt === false) {
die('Preparing SQL string failed');
}
One reason for the error is, prepare() is getting failed -
if the sql statement sent to it is not valid in the current DB.
prepare() will then return false.
Eg - if the table name is not correct or one or more field in the query does not exist.