I am retrieving values from the database into the form for update, on the press of submit button.
The values do get retrieved but update process fails without any error.
Here's the code:
<?php
session_start();
$username=$_SESSION['uname'];
$cn=mysqli_connect("localhost", "root", "", "testdb");
// Define variables and initialize with empty values
$course = $category = "";
$title = $descp = "";
// Processing form data when form is submitted
if(isset($_POST["pid"]) && !empty($_POST["pid"])){
// Get hidden input value
$pid = $_POST["pid"];
// Check input errors before inserting in database
if(empty($course) && empty($category) && empty($title) && empty($descp)){
// Prepare an update statement
$sql = "UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssssi", $param_course, $param_category, $param_title, $param_descp, $param_pid);
// Set parameters
$param_course = $course;
$param_category = $category;
$param_title = $title;
$param_descp = $descp;
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Records updated successfully. Redirect to landing page
header("location: CAposts.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($cn);
} else{
// Check existence of id parameter before processing further
if(isset($_GET["pid"]) && !empty(trim($_GET["pid"]))){
// Get URL parameter
$pid = trim($_GET["pid"]);
// Prepare a select statement
$sql = "SELECT * FROM posts WHERE pid = ?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_pid);
// Set parameters
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$result = mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($result) == 1){
/* Fetch result row as an associative array. Since the result set contains only one row, we don't need to use while loop */
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// Retrieve individual field value
$pid = $row['pid'];
$uname = $row['uname'];
$course = $row['course'];
$category = $row['category'];
$pdate = $row['pdate'];
$title = $row['title'];
$descp = $row['descp'];
} else{
// URL doesn't contain valid id. Redirect to error page
header("location: CAposts.php");
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
// Close connection
mysqli_close($cn);
} else{
// URL doesn't contain id parameter. Redirect to error page
header("location: CAposts.php");
exit();
}
}
?>
<html>
<head>
<title>IMEDTalks-Post-
<?php echo $title;?>
</title>
<link href="./css/bootstrap.min.css" rel="stylesheet" />
<script src="./scripts/jquery-3.3.1.min.js"></script>
<script src="./scripts/bootstrap.min.js"></script>
<style>
/* Make the image fully responsive */
.carousel-inner img {
width: 100%;
height: 30%;
}
</style>
</head>
<body>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2 class="text-center">Update Post</h2>
</div>
<p class="text-center">Please edit the input values and submit to update the post.</p>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<div class="form-group">
<div class="row">
<label class="col-form-label col-md-1 offset-3" for="course">Course:</label>
<div class="col-md-2">
<select name="course" class="form-control" required>
<option value="<?php echo $course;?>" selected>
<?php echo $course;?>
</option>
<option value="">Choose any:</option>
<option value="comp">Comp</option>
<option value="theo">Theory</option>
</select>
</div>
<label class="col-form-label col-md-1" for="category">Category:</label>
<div class="col-md-3">
<select name="category" class="form-control" required>
<option value="<?php echo $category;?>" selected>
<?php echo $category;?>
</option>
<option value="">Choose any:</option>
<option value="plang">Programming Language</option>
<option value="web">Web Technologies</option>
<option value="maths">Mathematics and Statistics</option>
<option value="others">Others</option>
</select>
</div>
</div>
</div>
<div class="form-group row">
<label for="title" class="col-form-label col-md-2">Title:
</label>
<div class="col-md-10">
<input type="text" class="form-control" value="<?php echo $title;?>" name="title" required>
</div>
</div>
<div class="form-group row">
<label for="desc" class="col-form-label col-md-12">Description:
</label>
<div class="col-md-12">
<textarea class="form-control" name="descp" rows="20" required><?php echo $descp;?></textarea>
</div>
</div>
<input type="hidden" name="pid" value="<?php echo $pid;?>" />
<div class="form-group row">
<div class="col-md-4 offset-4">
<a href="CAposts.php"><button type="button" name="cancel"
class="btn-lg btn-danger">Cancel</button></a>
</div>
<div class="col-md-4">
<button type="submit" name="update" class="btn-lg btn-success">Submit</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
PS:
pid is being brought from the previous page where the data is listed in table format, and on the click of the button, that data/post gets loaded into the form for editing using the pid, which is the primary key in my database table.
Using Bootstrap 4.
Edited after first comments.
You have 5 columns in your query but you only bind 4 of them, so you forgot an s
$sql = "UPDATE posts SET course=?, category=?, title=? descp=? WHERE pid=?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "sssi", $param_course, $param_category, $param_title, $param_descp, $param_pid);
Here is cleaner code for your update:
// $cn is the connection opened with mysqli_connect() in the question
$stmt = $cn->prepare("UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=?");
$stmt->bind_param("ssssi", $course, $category, $title, $descp, $pid);
$stmt->execute();
I just saw that you are trying to display all your data from DB using
// Prepare a select statement
$sql = "SELECT * FROM posts WHERE pid = ?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_pid);
// Set parameters
$param_pid = $pid;
And also, the values of all your form fields use this information fetched from the DB, which is nothing since, I just can't understand. You are trying to fetch all your data using a variable which comes from the data of the DB itself...
Try something: change the hidden form field for your ID and use this (if you have data in the DB using id 1)
<input type="hidden" name="pid" value="1" />
I am retrieving values from the database into the form for update, on the press of the submit button, the values should get updated.
Here's the code:
PostUpdate.php:
<?php
session_start();
$username=$_SESSION['uname'];
$cn=mysqli_connect("localhost", "root", "", "testdb");
// Define variables and initialize with empty values
$course = $category = "";
$title = $descp = "";
// Processing form data when form is submitted
if(isset($_POST["pid"]) && !empty($_POST["pid"])){
// Get hidden input value
$pid = $_POST["pid"];
// Check input errors before inserting in database
if(empty($course) && empty($category) && empty($title) && empty($descp)){
// Prepare an update statement
$sql = "UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssssi", $param_course, $param_category, $param_title, $param_descp, $param_pid);
// Set parameters
$param_course = $course;
$param_category = $category;
$param_title = $title;
$param_descp = $descp;
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Records updated successfully. Redirect to landing page
header("location: CAposts.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($cn);
} else{
// Check existence of id parameter before processing further
if(isset($_GET["pid"]) && !empty(trim($_GET["pid"]))){
// Get URL parameter
$pid = trim($_GET["pid"]);
// Prepare a select statement
$sql = "SELECT * FROM posts WHERE pid = ?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_pid);
// Set parameters
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$result = mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($result) == 1){
/* Fetch result row as an associative array. Since the result set contains only one row, we don't need to use while loop */
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// Retrieve individual field value
$pid = $row['pid'];
$uname = $row['uname'];
$course = $row['course'];
$category = $row['category'];
$pdate = $row['pdate'];
$title = $row['title'];
$descp = $row['descp'];
} else{
// URL doesn't contain valid id. Redirect to error page
header("location: CAposts.php");
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
// Close connection
mysqli_close($cn);
} else{
// URL doesn't contain id parameter. Redirect to error page
header("location: CAposts.php");
exit();
}
}
?>
<html>
<head>
<title>IMEDTalks-Post-
<?php echo $title;?>
</title>
<link href="./css/bootstrap.min.css" rel="stylesheet" />
<script src="./scripts/jquery-3.3.1.min.js"></script>
<script src="./scripts/bootstrap.min.js"></script>
<style>
/* Make the image fully responsive */
.carousel-inner img {
width: 100%;
height: 30%;
}
</style>
</head>
<body>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2 class="text-center">Update Post</h2>
</div>
<p class="text-center">Please edit the input values and submit to update the post.</p>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<div class="form-group">
<div class="row">
<label class="col-form-label col-md-1 offset-3" for="course">Course:</label>
<div class="col-md-2">
<select name="course" class="form-control" required>
<option value="<?php echo $course;?>" selected>
<?php echo $course;?>
</option>
<option value="">Choose any:</option>
<option value="comp">Comp</option>
<option value="theo">Theory</option>
</select>
</div>
<label class="col-form-label col-md-1" for="category">Category:</label>
<div class="col-md-3">
<select name="category" class="form-control" required>
<option value="<?php echo $category;?>" selected>
<?php echo $category;?>
</option>
<option value="">Choose any:</option>
<option value="plang">Programming Language</option>
<option value="web">Web Technologies</option>
<option value="maths">Mathematics and Statistics</option>
<option value="others">Others</option>
</select>
</div>
</div>
</div>
<div class="form-group row">
<label for="title" class="col-form-label col-md-2">Title:
</label>
<div class="col-md-10">
<input type="text" class="form-control" value="<?php echo $title;?>" name="title" required>
</div>
</div>
<div class="form-group row">
<label for="desc" class="col-form-label col-md-12">Description:
</label>
<div class="col-md-12">
<textarea class="form-control" name="descp" rows="20" required><?php echo $descp;?></textarea>
</div>
</div>
<input type="hidden" name="pid" value="<?php echo $pid;?>" />
<div class="form-group row">
<div class="col-md-4 offset-4">
<a href="CAposts.php"><button type="button" name="cancel"
class="btn-lg btn-danger">Cancel</button></a>
</div>
<div class="col-md-4">
<button type="submit" name="update" class="btn-lg btn-success">Submit</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
Here, I am using pid, which is being brought from the previous page where the data is listed in table format, and on the click of a button there, that data/post gets loaded into the form for editing and updating using the pid (the primary key in my database table).
I am using Bootstrap 4.
Problem I am facing:
The update operation is performed without any errors using the pid, but the values of course, category, title and description get set to blank in the database table after this update operation.
I can't figure out what's going wrong here.
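Why the posted handler blanks the row: `$course`, `$category`, `$title` and `$descp` are initialised to `""` and never read from `$_POST`, so the `empty()` check passes and four empty strings are bound. An added example, not the asker's or the answerer's code, of the POST branch reading and validating the submitted values and limiting the update to the logged-in author; it assumes `posts.uname` is the author and `$_SESSION['uname']` is set at login, and the helper names `e` and `validate_post_update` are illustrative.

```php
<?php
// Added example (not from the original posts). Assumes posts.uname is the
// author's username and that login stored it in $_SESSION['uname'].
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw instead of failing silently
$cn = mysqli_connect("localhost", "root", "", "testdb");

// Allow-lists copied from the <option> values of the form.
const COURSES    = ['comp', 'theo'];
const CATEGORIES = ['plang', 'web', 'maths', 'others'];

/**
 * HTML-escape a value before echoing it into the page.
 * In the form, echo e($title), e($descp), e($course), e($category) and e($pid)
 * instead of the raw variables, so stored text cannot inject markup.
 */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read and validate the submitted fields. Returns [cleanValues, namesOfBadFields]. */
function validate_post_update(array $in): array
{
    // Non-string input (e.g. course[]=x) is treated as missing.
    $text = fn(string $key): string => is_string($in[$key] ?? null) ? trim($in[$key]) : '';

    $clean = [
        'pid'      => filter_var($in['pid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]),
        'course'   => $text('course'),
        'category' => $text('category'),
        'title'    => $text('title'),
        'descp'    => $text('descp'),
    ];

    $bad = [];
    if ($clean['pid'] === false) { $bad[] = 'pid'; }
    if (!in_array($clean['course'], COURSES, true)) { $bad[] = 'course'; }
    if (!in_array($clean['category'], CATEGORIES, true)) { $bad[] = 'category'; }
    if ($clean['title'] === '') { $bad[] = 'title'; }
    if ($clean['descp'] === '') { $bad[] = 'descp'; }

    return [$clean, $bad];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (empty($_SESSION['uname'])) {
        http_response_code(403);
        exit('Not logged in.');
    }

    [$f, $bad] = validate_post_update($_POST);
    if ($bad) {
        http_response_code(422);
        exit('Invalid field(s): ' . e(implode(', ', $bad)));
    }

    $owner = $_SESSION['uname'];
    // The hidden pid field is client-controlled, so "AND uname=?" keeps the
    // update inside the logged-in user's own posts.
    $stmt = mysqli_prepare(
        $cn,
        "UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=? AND uname=?"
    );
    mysqli_stmt_bind_param(
        $stmt, "ssssis",
        $f['course'], $f['category'], $f['title'], $f['descp'], $f['pid'], $owner
    );
    mysqli_stmt_execute($stmt);

    // 0 rows: the post is not this user's, does not exist, or nothing changed.
    $changed = mysqli_stmt_affected_rows($stmt);
    error_log("post {$f['pid']} update by {$owner}: {$changed} row(s)");

    mysqli_stmt_close($stmt);
    mysqli_close($cn);
    header('Location: CAposts.php');
    exit();
}
```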
I'm trying to match my text field input of a "coupon_code" to a value in a SQL table. I have three files that connect to each other. Also, there should be an alert if the text field matches.
HTML: (membership.php)
<?php
session_start();
require_once('membership.vc.php');
?>
<form>
<div class="form-row">
<div class="col col-md-8">
<input type="text" class="form-control" aria-describedby="sizing-addon1" name="promocode3" placeholder="ENTER PROMO CODE">
</div>
<div class="col col-md-4">
<input type="submit" class="btn color-white mwc-orange-background-color" name="redeem" value="REDEEM">
</div>
</div>
</form>
PHP: (membership.vc.php)
<?php
require_once($routePath . "_mc/PromoCode.mc.php");
$mcPromoCode = new PromoCode_MC();
if (isset($_POST['redeem']) && $_POST['redeem'] == 'REDEEM'){
$pcode3_txtfield = $_POST['promocode3'];
$rowpcode3 = $mcPromoCode->SelectPromoCode3($db, $p3id);
$pcode3 = $rowpcode3['coupon_code'];
if ($pcode3_txtfield == $pcode3 ){
echo "<script>
alert('There are no fields to generate a report');
window.location.href='admin/ahm/panel';
</script>";
}
}
?>
SQL Function: (PromoCode.mc.php)
<?php Class PromoCode_MC {
public function SelectPromoCode3($db, $p3id) {
$stmt = $db->prepare(
" SELECT *
FROM mywhitecard.promocode_3
WHERE p3id = :p3id ");
$stmt->bindValue(':p3id', $p3id, PDO::PARAM_INT);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
return $row; } } ?>
$pcode3 should get the column and $pcode3_txtfield should get the text field input. Which part did I do wrong, since there is no alert popup?
UPDATE: I tried to do what the comments said; I thought using the primary key of the table would work, but still no effect.
UPDATE: I tried:
<?php Class PromoCode_MC {
public function SelectPromoCode3($db, $pcode3_txtfield) {
$stmt = $db->prepare(
" SELECT *
FROM mywhitecard.promocode_3
WHERE pcode3_txtfield = :coupon_code ");
$stmt->bindValue(':pcode3_txtfield', $pcode3_txtfield, PDO::PARAM_INT);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
return $row; }
} ?>
no effect
Here I have a form:
<form action="includes/Payment.inc.php" method="get" class="px-4 py-4" >
<div class="form-group">
<div class="d-inline py-1"><h5>Payment Type</h5></div>
<select class="bg-white text-dark" name="payment_type">
<option value="Type">Type</option>
<option value="Food">Food</option>
<option value="House-Rent">House-Rent</option>
<option value="Other">Other</option>
</select>
<h5 class="py-1">Amount of Money</h5>
<div class="input-group">
<span class="input-group-addon">$</span>
<input type="text" class="form-control" name="amount" aria-label="Text input with checkbox">
<span class="input-group-addon">JPY</span>
</div>
<h5 class="py-1">Detail</h5>
<textarea placeholder="Enter The Detail in here" name="detail"></textarea><br>
<label><h5 class="py-1">Date: </h5></label>
<input type="date" name="date"><br>
<button type="submit" name="submit" class="btn btn-primary m-4 border rounded">Submit</button>
</div>
</form>
When clicked, it simply puts all the information into the database with the following PHP code:
<?php
if (isset($_GET['submit'])) {
include_once 'dbh.inc.php';
$payment_type = $_GET['payment_type']; // the <select> in the form is named payment_type
$amount_money = filter_input(INPUT_GET,'amount',FILTER_SANITIZE_NUMBER_INT);
$detail = filter_input(INPUT_GET,'detail',FILTER_SANITIZE_STRING);
$date = $_GET['date'];
if (empty($amount_money)) {
header('Location: ../Data.php?money_empty');
exit();
}
else {
$sql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
VALUES (':payment_type',':amount',':detail',':payment_date')";
$result = $conn->prepare($sql);
$result->bindParam(':payment_type',$payment_type,PDO::PARAM_STR);
$result->bindParam(':amount',$amount_money,PDO::PARAM_INT);
$result->bindParam(':detail',$detail,PDO::PARAM_STR);
$result->bindParam(':payment_date',$date,PDO::PARAM_STR);
$result->execute();
header("Location: ../Data.php?payment_success");
exit();
}
}
Then when I test the form, the execution is completed, but when I checked the "payment" table, here's what I got:
payment_type(varchar) = ":payment_type"
amount(int) = 0
detail(varchar) = ":detail"
payment_date(date) = "0000-00-00".
What's wrong with my code?
In your code, you use '' to enclose the string parts in the insert parameters; this is not needed with PDO. Use the following instead...
<?php
if (isset($_GET['submit'])) {
include_once 'dbh.inc.php';
$payment_type = $_GET['payment_type']; // the <select> in the form is named payment_type
$amount_money = filter_input(INPUT_GET,'amount',FILTER_SANITIZE_NUMBER_INT);
$detail = filter_input(INPUT_GET,'detail',FILTER_SANITIZE_STRING);
$date = $_GET['date'];
if (empty($amount_money)) {
header('Location: ../Data.php?money_empty');
exit();
}
else {
$sql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
VALUES (:payment_type,:amount,:detail,:payment_date)";
$result = $conn->prepare($sql);
$result->bindParam(':payment_type',$payment_type,PDO::PARAM_STR);
$result->bindParam(':amount',$amount_money,PDO::PARAM_INT);
$result->bindParam(':detail',$detail,PDO::PARAM_STR);
$result->bindParam(':payment_date',$date,PDO::PARAM_STR);
$result->execute();
header("Location: ../Data.php?payment_success");
exit();
}
}
You are quoting your parameter markers, e.g. ':payment_type', which makes them look like plain strings to PDO, so those strings are what show up in the DB. As the docs show, you should not quote them:
$sql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
VALUES (:payment_type, :amount, :detail, :payment_date)";
I'm new to PHP. I'm trying to display search result based on user query. My issue is that I'm not getting all other similar search results (only the exact results are showing). Is it the right method I'm implementing from security point of view? Thanks in advance.
define('HOST','localhost');
define('USER','root');
define('PASSWORD_HOST','');
define('DATABASE','test');
if(defined('HOST') && defined('USER') && defined('PASSWORD_HOST') && defined('DATABASE')){
$conn = mysqli_connect(HOST, USER, PASSWORD_HOST, DATABASE);
}else{
die('Connection failed: ' . mysqli_connect_error());
}
Here is HTML
<div class="container">
<div class="row">
<div class="col-sm-12">
<form action="" method="POST">
<h4>Search By</h4>
<input type="text" name="delName"/>
<button type="submit" name="submit">search</button>
</form>
</div>
</div>
</div>
Here is PHP
if(isset($_POST['submit'])){
$delName = "%{$_POST['delName']}%";
$stmt =$conn->prepare("SELECT id, delName, medName, contact1, contact2, address, pin, creditLimitDealer FROM dealerentrytable WHERE delName LIKE ?");
$stmt->bind_param("s", $delName);
$stmt->execute();
$stmt->bind_result($id, $delName, $medName, $contact1, $contact2,$address,$pin,$creditLimitDealer);
while ($stmt->fetch()) {
echo "<table>";
echo "<tr><td>ID: $id</td>";
echo "<td>delName: $delName</td>";
echo "<td>medName: $medName</td>";
echo "<td>contact1: $contact1</td>";
echo "<td>contact2: $contact2</td>";
echo "<td>address: $address</td>";
echo "<td>pin: $pin</td>";
echo "<td>creditLimitDealer: $creditLimitDealer</td></tr>";
echo "</table>";
}
$stmt->close();
}
?>
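On the security part of the question: the bound `?` parameter already keeps the search term out of the SQL text, but the posted loop echoes every column into HTML unescaped, and `%` or `_` typed by the user act as LIKE wildcards. An added example, not part of the original post, of the same search with both handled; the helper names `like_contains`, `e`, `search_dealers` and `render_rows` are illustrative, and the LIKE escaping relies on MySQL's default backslash escape character.

```php
<?php
// Added example (not from the original post).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
$conn = mysqli_connect('localhost', 'root', '', 'test');
$conn->set_charset('utf8mb4');

/**
 * Build a "contains" pattern in which the user's own %, _ and \ are matched
 * literally (backslash is MySQL's default LIKE escape character).
 */
function like_contains(string $term): string
{
    return '%' . strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
}

/** HTML-escape a value for element content or a quoted attribute. */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Run the parameterised search and return all matching rows. */
function search_dealers(mysqli $conn, string $term): array
{
    $stmt = $conn->prepare(
        "SELECT id, delName, medName, contact1, contact2, address, pin, creditLimitDealer
           FROM dealerentrytable
          WHERE delName LIKE ?"
    );
    $pattern = like_contains($term);
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs mysqlnd
    $stmt->close();
    return $rows;
}

/** Render the rows as one table, escaping every value read from the DB. */
function render_rows(array $rows): string
{
    $html = "<table>\n";
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $column => $value) {
            $html .= '<td>' . e($column) . ': ' . e($value) . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html . "</table>\n";
}

if (isset($_POST['submit'])) {
    // Non-string input (e.g. delName[]=x) is treated as an empty search term.
    $term = is_string($_POST['delName'] ?? null) ? trim($_POST['delName']) : '';
    echo render_rows(search_dealers($conn, $term));
}
```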
I am trying to put the form results into a database but it is not working properly. No errors seem to be happening, what is wrong with my code?
This is my first page with the booking form:
$booking_sql = "SELECT * FROM calendar, missions WHERE calendar_id = '%d' AND calendar.missions_id = missions.missions_id" ;
$_SESSION['booking']['calendar'];
$booking_query = mysqli_query($dbconn, $booking_sql) or die(mysqli_error());
$rsBooking = mysqli_fetch_assoc($booking_query);
?>
<form action="confirm.php" method="post" name="fmNumCon" id="fmNumCon">
<div class="row"><span class="label"><strong class="full"></strong></span> <span class="element"><h4><?php echo $rsBooking['missions_name'].', '.$rsBooking['calendar_date']; ?></h4></span></div>
<div class="row"><span class="label"><h4>*Number of people:</h4></span><span class="element">
<select name="number" id="number" onchange="getNumber()">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
</select>
</span></div>
<!-- <div class="row"><span class="label"</span><span class="element"><h4>$NZDisplay cost per person.00</h4><input type="hidden" name="price" id ="price" value="" /></span></div>
<div class="row"><span class="label"> </span><span class="element">
<a id="update" href="booking.php?mode=update">Update cost</a>
</span></div> -->
<div class="row"><strong class="full"><h4>Conatact details:</h4></strong> </div>
<div class="row">
<input name="name" type="text" id="name" value="<?= isset($name) ? $name : ''?>" placeholder="name"/>
</div>
<div class="row">
<input name="$phone" type="text" id="phone" placeholder="phone" value="<?= isset($phone) ? $phone : ''?>"/>
</div>
<div class="row">
<input name="email" type="text" id="email" placeholder="email" value="<?= isset($email) ? $email : ''?>"/>
</div>
<div class="row">
<input type="reset" name="Reset" value="Reset" />
<input type="submit" name="Submit" value="Continue" />
</div>
</form>
Here is the confirm page below:
$number = $_SESSION['booking']['number'];
$phone = $_POST['phone'];
$email = $_POST['email'];
require_once('includes/dbconn.php');
$booking_sql = sprintf("SELECT * FROM calendar, missions WHERE calendar_id = '%d' AND calendar.missions_id = missions.missions_id", $_SESSION['booking']['calendar']);
$booking_query = mysqli_query($dbconn, $booking_sql) or die(mysqli_error());
$rsBooking = mysqli_fetch_assoc($booking_query);
?>
<form action="thanks.php" method="post" name="fmConfirm" id="fmConfirm" display="hidden">
<div class="row"><?php echo $rsBooking['missions_name']; ?></div>
<div class="row"><input type="hidden" name="number" value ="<?php echo $number?>"></input></div>
<div class="row"><input type="hidden" name="name" value ="<?php echo $name?>"></input></div>
<div class="row"><input type="hidden" name="phone" value ="<?php echo $phone?>"></input></div>
<div class="row"><input type="hidden" name="email" value ="<?php echo $email?>"></input></div>
<div class="row"><span class="label"> </span> <span class="element">Edit details</span></div>
<div class="row"><span class="label"> </span><span class="element">
<input type="submit" name="Submit" value="Finsih" />
</span></div>
</form>
Here is my thanks page:
<?php require_once('includes/dbconn.php'); ?>
<?php session_start();
$date = date('Y-m-d');
// $calendar = $_POST['calendar_date'];
$name = $_POST['name'];
$number = $_POST['number'];
$phone = $_POST['phone'];
$email = $_POST['email'];
// $booking_sql = "INSERT into bookings (calendar_id, booking_name,
// booking_number, booking_phone,
// booking_email, booking_date) VALUES ('$calendar','$name', 'number', 'phone', 'email')";
$booking_sql = "INSERT INTO bookings (booking_name,
booking_number, booking_phone,
booking_email, booking_date)
VALUES ('$name','$number','$phone','$date')";
$dbconn->query($booking_sql);
// $sql = "INSERT INTO bookings (booking_fname, booking_lname, booking_email, user_id, date_id)
// VALUES ('$fName','$lName','$email', '$userid', '$dateid')";
// $dbc->query($sql);
$booking_query = mysqli_query($dbconn, $booking_sql);
$_SESSION = array();
// session_destroy();
// if(!isset($_COOKIE['active'])) {
// setcookie('active', 'no', time() + 31536000);
// }
?>
<h2>Booking complete </h2>
<p> </p>
<p>Thank you for choosing <strong>Mountain Bike Missions</strong>.</p>
<p>To check your booking immediately, you can log in with your email address here. At any another time, please use the <strong>Check booking</strong> link in the <strong>Booking</strong> section of the site.</p>
I adjusted your thanks.php a little.
Throughout your other scripts you used the procedural syntax of mysqli; in thanks.php you switched to object syntax.
Removed all those commented lines.
session_start() should always be at the top of the program (after ini directives); if an included file produces some output by accident, it would cause a fatal error otherwise.
I used prepared statements to work with the data you get from users; this way the formatting of the query cannot be broken if there are special characters in the input.
Enabled display_errors so you get shown your errors (when you are done testing you can remove those lines; you don't want to show technical error messages to users in production).
Used trigger_error to catch errors thrown by the database and treat them like PHP errors.
Code looks like this:
<?php
/*
* enable display_errors
*/
ini_set('display_errors', 1);
error_reporting(-1);
/*
* start session, construct connection to db
*/
session_start();
require_once('includes/dbconn.php');
/*
* define your variables
*/
$date = date('Y-m-d');
$name = $_POST['name'];
$number = $_POST['number'];
$phone = $_POST['phone'];
$email = $_POST['email'];
/*
* define your SQL statement
* send the statement to the database "preparation"-process
* check if the database had any troubles by asking it for errors
*/
$booking_sql = "INSERT INTO bookings (booking_name, booking_number, booking_phone, booking_email, booking_date) VALUES (?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($dbconn ,$booking_sql);
if(mysqli_errno($dbconn) !== 0){
trigger_error(mysqli_error($dbconn));
}
/*
* bind your variables to the prepared statement
* execute the statement
* again, ask if the database had any troubles
*/
mysqli_stmt_bind_param($stmt, "sssss", $name, $number, $phone, $email, $date);
mysqli_stmt_execute($stmt);
if(mysqli_errno($dbconn) !== 0){
trigger_error(mysqli_error($dbconn));
}
$_SESSION = array();
?>
<h2>Booking complete </h2>