I'm creating a booking calendar and am having issues making the timeslots that have been booked unavailable. I have populated them separately unfortunately, so the date and timeslot have no connection.
How do I check if both the timeslot and date (in the same ID) have been booked?
$name = $_POST['name'];
$email = $_POST['email'];
$timeslot = $_POST['timeslot'];
$date = $_POST['date'];
$conn = new mysqli("localhost","root","root","bookingCalendar");
if($conn->connect_error){
die("Failed to connect : ".$conn->connect_error);
} else {
$stmt = $conn->prepare("insert into bookings(name, email, timeslot, date) values(?, ?, ?, ?)");
$stmt->bind_param("ssss", $name, $email, $timeslot, $date); //Saves values as strings, thus further functions can't be created
$stmt->execute();
echo '<script>alert("Booking successful!")</script>';
echo "<script> location.href='bookCal.php'; </script>";
$stmt->close();
$conn->close();
}
Related
so this is my code and it only add the data to a table called 'registration' i want it to create its own table using $firstName
<?php
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$gender = $_POST['gender'];
$email = $_POST['email'];
$password = $_POST['password'];
$number = $_POST['number'];
// Database connection
$conn = new mysqli('localhost','root','','test');
if($conn->connect_error){
echo "$conn->connect_error";
die("Connection Failed : ". $conn->connect_error);
} else {
$stmt = $conn->prepare("insert into registration(firstName, lastName, gender, email, password, number) values(?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssssi", $firstName, $lastName, $gender, $email, $password, $number);
$execval = $stmt->execute();
echo $execval;
echo "Registration successfully...";
$stmt->close();
$conn->close();
}
?>
I have to insert the values of a donation form into a table. The table has a foreign key 'uid' which is the donor's id. When I tried to insert the data without giving value to foreign key, the insertion failed.
Then I set the FK value to null. In this case the data was inserted into the table but the value of 'uid' (FK) was null obviously. Now how do I insert the correct value? The correct value whould be the uid of the donor who is currently logged in.
<?php
if (!isset($_SERVER['HTTP_REFERER'])) {
header('location:index.php');
exit;
}
include 'header.php';
session_start();
$servername = "localhost";
$username = "root";
$password = "sql";
$db = "sp";
$conn = new mysqli($servername, $username, $password, $db);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if ($_POST) {
$item = $_POST['item'];
$details = $_POST['details'];
$quantity = $_POST['quantity'];
$sql = "INSERT INTO donation (item, details, quantity) VALUES ('$item', '$details','$quantity');";
if ($conn->query($sql) == true) {
echo "Successful submission";
} else {
echo $sql;
}
$conn->close();
}
The login form should put the user's UID in a session variable. Then you can use that in the INSERT query.
You should also use a prepared statement to prevent SQL injection.
$stmt = $conn->prepare("INSERT INTO donation (uid, item, details, quantity) VALUES (?, ?, ?, ?);");
$stmt->bind_param("iisi", $_SESSION['uid'], $item, $details, $quantity);
if ($stmt->execute()) {
echo "Successful submission";
} else {
echo "Error: $stmt->error";
}
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
<?php
error_reporting(E_ALL);
$username = $_POST['username'];
$email_id = $_POST['email_id'];
$phone_no = $_POST['phone_no'];
$gender = $_POST['gender'];
$country = $_POST['country'];
$courses = $_POST['courses'];
//i am checking here values***
if (!empty($username) || !empty($email_id) || !empty($phone_no) || !empty($gender) || !empty($country) || !empty($courses)) {
//db connectiion***
$host = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbname = "registartionform";
//create connection
$conn = new mysqli($host, $dbUsername, $dbPassword, $dbname);
if (mysqli_connect_error()) {
die('Connect Error('. mysqli_connect_errno().')'. mysqli_connect_error());
} else {
//check email already exists or not and insert the value in db***
$SELECT = "SELECT email_id From registration Where email_id = ? Limit 1";
$INSERT = "INSERT Into registration (username, email_id, phone_no, gender, country, courses) values($username, $email_id, $phone_no, $gender, $country, $courses)";
//Prepare statement
$stmt = $conn->prepare($SELECT);
if ($stmt !== false) {
$stmt->bind_param("s", $email_id);
$stmt->execute();
$stmt->bind_result($email_id);
$stmt->store_result();
$rnum = $stmt->num_rows;
}
if ($rnum == 0) {
$stmt->close();
$stmt = $conn->prepare($INSERT);
$stmt->bind_param("ss", $username, $email_id, $phone_no, $gender, $country, $courses);
if ($stmt !== false) {
$stmt->execute();
echo "New record inserted sucessfully";
} else {
echo "Someone already register using this email";
}
}
$stmt->close();
$conn->close();
}
} else {
echo "All field are required";
die();
}
You can't do this
INSERT Into registration (username, email_id, phone_no, gender, country, courses)
values($username, $email_id, $phone_no, $gender, $country, $courses)
and then try to bind variables
$stmt->bind_param("ss", $username, $email_id, $phone_no, $gender, $country, $courses );
You should use placeholders in your SQL query. Try with:
INSERT Into registration (username, email_id, phone_no, gender, country, courses)
values(?, ?, ?, ?, ?, ?)
Values will be provided in bind_param variables.
Also you have 7 variables in bind_param and only 6 columns in your INSERT statement. You need to mach that or SQL wont know where to put data.
So I've finished building a question and answer site and am now trying to defend it against SQL injection but having problems with CURRENT_DATE. I want to insert current date with the question into db but what binding marker would that be? "s" for string is not working?
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "questions87";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
session_start();
$question = $_POST["question"];
$uname = $_SESSION['username'];
$qa_email =$_SESSION['email'];
// prepare and bind
$stmt = $conn->prepare("INSERT INTO login (username, username, q_date, qa_email) VALUES (?, ?, ?, ?)");
$stmt->bind_param("ssss", $question, $uname, CURRENT_DATE, $qa_email);
$stmt->execute();
if ($stmt) {echo "Thank you ". $uname . " Your question has been submitted " . "<br>";}
else {echo "Error: " . $sql . "<br>" . mysqli_error($conn);}
$stmt->close();
$conn->close();
?>
Use simple mysql function NOW() and remove placeholder for q_date:
$stmt = $conn->prepare("INSERT INTO login (username, username, q_date, qa_email) VALUES (?, ?, NOW(), ?)");
$stmt->bind_param("sss", $question, $uname, $qa_email);
Btw, I noticed, you have field username twice in this query. I suppose one of the occurences should be replaced with some other field.
I am trying to insert data into an online MySql database,I used this query a few months ago now it doesn't seem to work,
My Form:
$name = "Hilary";
$number = "768";
$orderss = "Rice x1";
$location = "Chilenje";
$con= mysqli_connect($host,$user,$pass,$db);
$query= "insert into orders values('".$name."','".$number."','".$orderss."','".$location."');";
$result= mysqli_query($con,$query);
if(!$result)
{
$response = array();
$code= "reg_false";
$message="Error Placing Order...";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
}
else
{
$response = array();
$code= "reg_true";
$message="Order Successful,Please wait for our call...";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
}
mysqli_close($con);
?>
When i run this form i get the "Error placing orders" part of server response and values are not inserted.Please help me
Make your $query very simple like this if you're inserting into all columns of your table
$stmt = $conn->prepare("INSERT INTO orders VALUES (?, ?, ?, ?)");
$stmt->bind_param("siss", $name, $number, $orderss, $location);
or if you're inserting into specific columns you can use this by replacing column_name* with your actual column names
$stmt = $conn->prepare("INSERT INTO orders (column_name1, column_name2, column_name3, column_name4) VALUES (?, ?, ?, ?)");
$stmt->bind_param("siss", $name, $number, $orderss, $location);
or I also modified your current code so you can test at your end one more thing "siss" are arguments which are of 4 different types i - integer, d - double, s - string, b - BLOB
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
$name = "Hilary";
$number = "768";
$orderss = "Rice x1";
$location = "Chilenje";
// Create connection
$con = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}
// prepare and bind
$stmt = $conn->prepare("INSERT INTO orders VALUES (?, ?, ?, ?)");
$stmt->bind_param("siss", $name, $number, $orderss, $location);
if($stmt->execute()) {
$stmt->execute();
$response = array();
$code= "reg_true";
$message="Order Successful,Please wait for our call...";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
} else {
$response = array();
$code= "reg_false";
$message="Error Placing Order...";
array_push($response,array("code"=>$code,"message"=>$message));
echo json_encode(array("server_response"=>$response));
}
$stmt->close();
$con->close();
?>