I want to save the data with php. The program does not return an error. But to the database does not record.
DOSYA ADI:signup.php
MY CODES:
<form action="islem.php" method="post">
Ad:<input type="text" name="bilgilerim_ad" placeholder="giriniz">
Soyad:<input type="text" name="bilgilerim_soyad" placeholder="giriniz">
Mail:<input type="text" name="bilgilerim_mail"placeholder="giriniz">
Yaş:<input type="text" name="bilgilerim_yas" placeholder="giriniz">
<button name="insertislemi" type="submit">Kayıt</button>
</form>
DOSYA ADI:config.php
MY CODES
<?php
include 'baglan.php';
if(isset($_POST['insertislemi'])){
$query = $db->prepare("INSERT INTO uyeler SET
bilgilerim_ad =: bilgilerim_ad,
bilgilerim_soyad =: bilgilerim_soyad,
bilgilerim_mail =: bilgilerim_mail,
bilgilerim_yas =: bilgilerim_yas,
");
$insert = $query->execute(array(
"bilgilerim_ad" => $_POST['bilgilerim_ad'],
"bilgilerim_soyad" => $_POST['bilgilerim_soyad'],
"bilgilerim_mail" => $_POST['bilgilerim_mail'],
"bilgilerim_yas" => $_POST['bilgilerim_yas'],
));
if ( $insert ){
$last_id = $db->lastInsertId();
print "insert işlemi başarılı!";
}
}
?>
MY CODES
CONNECTION FILE
<?php
try {
$db = new PDO("mysql:host=localhost;dbname=test", "root", "");
//echo "giriş";
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
You first write bilgilerim_ad =: bilgilerim_ad, ... in your insert query, then "bilgilerim_ad" => $_POST['bilgilerim_ad'],.
There's a misplaced space, the datas are bound to bilgilerim_ad but you declared : bilgilerim_ad.
Replace your insert query by :
$query = $db->prepare("INSERT INTO uyeler SET
bilgilerim_ad = :bilgilerim_ad,
bilgilerim_soyad = :bilgilerim_soyad,
bilgilerim_mail = :bilgilerim_mail,
bilgilerim_yas = :bilgilerim_yas");
And bind your datas this way :
$insert = $query->execute(array(
":bilgilerim_ad" => $_POST['bilgilerim_ad'],
":bilgilerim_soyad" => $_POST['bilgilerim_soyad'],
":bilgilerim_mail" => $_POST['bilgilerim_mail'],
":bilgilerim_yas" => $_POST['bilgilerim_yas']));
This is out of topic, but in your php files where you are using only php code (the one that insert and the one that manage DB connection in example) do not close php tag ?>. This can send unwanted characters to http header
Related
I have a form handler (I believe that is the correct terminology) called insert.php, this is used to post form data to a MySQL database on localhost. I have different tables each containing a single record and would like to choose which table the data goes to. I could duplicate the insert.php file for each table but that seems messy. How do I choose which table the data goes to via post?
current insert.php:
<?php
require_once 'login.php';
$con=mysqli_connect($hh,$un,$pw,$db);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
echo 'Connected successfully';
$sql = "UPDATE PiBQ_Temp SET reqdTemp = '$_POST[setTemp]' WHERE tempKey = 1";
mysqli_query($con,$sql);
echo "1 record added";
header ('location: index.php');
mysql_close($con)
?>
What I think is needed for the $sql = variable:
$sql = "UPDATE '$_POST[myTable]' SET '$_POST[myField]' = '$_POST[myValue]' WHERE tableKey = 1"
My html is this:
<form action="insert.php" method="post">
<input type="text" name="myField" value="<?= $myValue ?>"/>
<input type="submit" value="Submit" />
what html should I be using to feed my revised insert.php file above, if that is correct? Thanks.
try this format
$sql = "UPDATE `".$_POST['myTable']."` SET `".$_POST['myField']."` = '".$_POST['myValue']."' WHERE `tableKey` = 1";
or
$mysqli = new mysqli("host", "user", "password", "db");
$stmt = $mysqli->prepare("UPDATE `".$mysqli->real_escape_string(str_replace(" ", "", strtolower($_POST['myTable'])))."` SET `".$mysqli->real_escape_string(str_replace(" ", "", strtolower($_POST['myField'])))."` = ? WHERE `tableKey` = 1");
$stmt->bind_param("s",$_POST['myValue']);
$stmt->execute();
You should use prepared statement instead
There's some wider practices that could be improve, but based on your current code/structure, I would use something like this:
<?php
require_once 'login.php';
try {
$con = new mysqli("host", "user", "password", "db");
} catch (mysqli_sql_exception $e) {
echo "Failed to connect to MySQL: ".$e;
}
$table = (isset($_POST['myTable'])) ? $_POST['myTable'] : null;
$reqdTemp = (isset($_POST['setTemp'])) ? $_POST['setTemp'] : null;
$tempKey = (isset($_POST['setKey'])) ? $_POST['setKey'] : null;
switch($table) {
case "thisTable":
$qry = "UPDATE `thisTable` SET thisField = ? WHERE thisKey = ?";
break;
case "thatTable":
$qry = "UPDATE `thatTable` SET thisField = ? WHERE thisKey = ?";
break;
case "anotherTable":
$qry = "UPDATE `anotherTable` SET thisField = ? WHERE thisKey = ?";
break;
default:
// do something?
break;
}
$stmt = $conn->prepare($qry);
$stmt->bind_param("si", $reqdTemp, $tempKey);
$stmt->execute();
if(!$stmt->execute()) {
echo $stmt->error;
}
else {
echo "1 record added";
}
header ('location: index.php');
mysql_close($con)
?>
Two things to note: The switch statement allows you to provide a different query based on the table name, but it assumes that the same structure is in place (i.e. update String Where Integer).
I've also assumed the thisKey is posted too, as 'setKey'.
Secondly, prepared statements.
This is more of a hint, rather than a whole solution, and you probably need to tidy it up and make it work for you outside of my assumptions
The textarea is not reading any input that is typed into the box. Initially, I was using PHP to check if the textarea was empty, and was recieveing an error there. So I removed that check, to see if it was php that was causing the issue, and added the required="required" attribute to the textarea tag, and even that is coming back with Please fill out this field. I am not quite sure where I am going wrong with my code, I had it working previously, then all of a sudden it stopped working, and I am completely confused as to why. I also looked at various other posts about the textarea not submitting, and ensured that I was checking the post with the name, not the ID; and making sure the textarea was submitting to the same form as the submit button. I have also tried it without specifying the form on the textarea tag.
HTML Code:
<form action="" method="post" id="CreateTopicForm">
<input type="hidden" name="create-topic" />
<span class="secondary radius label"><strong>Title</strong></span>
<input type="text" name="title" id="title" />
<span class="secondary radius label"><strong>Message</strong></span>
<textarea name="content" id="content" required="required" form="CreateTopicForm"></textarea>
<?php if($_SESSION['user']['account_type'] >= 3): ?>
<span class="secondary radius label"><strong>Sticky Topic</strong></span>
<input type="checkbox" name="sticky" /><br />
<?php endif ?>
<input type="submit" value="Post Topic" class="topic-post" />
</form>
PHP Code:
/* Retrieve necessary variables */
$fid = $_GET['fid'];
/* Get Forum Information */
$query = "SELECT * FROM bkg_forums where forum_id = :id";
$query_params = array(
':id' => $fid
);
try {
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
} catch(PDOException $e) {
$error[] = $pdoerror;
}
$forum = $stmt->fetchAll();
/* Begin the database upload */
if(!empty($_POST)){ /* Plan to change to if($_REQUEST['submit']) */
/* Check if data was actually submitted */
$db->beginTransaction();
/* DO SOME ERROR CHECKING. MAKE SURE FIELDS ARE NOT EMPTY. */
if(empty($_POST['title'])){
$error[] = "Sorry! You must enter a title!";
}
/* Previously had a check if $_POST['content'] */
/* GENERATE SOME VARIABLES NEEDED TO INSERT INTO TABLES. ACCOUNT_TYPE IS TEMPORARY*/
if($_SESSION['user']['account_type'] == 0) {
$account_type = "Normal";
$color = "white";
} elseif($_SESSION['user']['account_type'] == 1) {
$account_type = "Donator";
$color = "#F4FA58";
} elseif($_SESSION['user']['account_type'] == 2) {
$account_type = "Moderator";
$color = "#2EFE2E";
} elseif($_SESSION['user']['account_type'] == 3) {
$account_type = "Community Manager";
$color = "#0000FF";
} elseif($_SESSION['user']['account_type'] == 4) {
$account_type = "Administrator";
$color = "#DF0101";
}
if(isset($_POST['sticky'])){
$sticky = 1;
} else {
$sticky = 0;
}
if(!isset($error)){
/* INSERT INTO TOPICS TABLE */
$query = "INSERT INTO bkg_topics (
forum_id,
icon_id,
topic_approved,
topic_title,
topic_text,
topic_poster_id,
topic_poster,
topic_poster_color,
topic_post_time,
topic_status,
topic_type
) VALUES (
:forumid,
:iconid,
:topicapproved,
:topictitle,
:topictext,
:topicposter_id,
:topicposter,
:topicposter_color,
:topicpost_time,
:topicstatus,
:topictype
)";
$query_params = array(
':forumid' => $fid,
':iconid' => 1,
':topicapproved' => 1,
':topictitle' => $_POST['title'],
':topictext' => $_POST['content'],
':topicposter_id' => $_SESSION['user']['id'],
':topicposter' => $_SESSION['user']['displayname'],
':topicposter_color' => $color,
':topicpost_time' => time(),
':topicstatus' => 0,
':topictype' => $sticky
);
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
$lastid = $db->lastInsertId();
/* Retrieve the last id of a topic, used to generate some links. */
/* UPDATE FORUM TABLE */
$query = "UPDATE bkg_forums SET
`forum_last_post_id` = :lastpostid,
`forum_last_post_topic_id` = :lastposttopicid,
`forum_last_post_title` = :lastposttitle,
`forum_last_poster_id` = :lastposterid,
`forum_last_post_time` = :lastposttime,
`forum_last_poster_name` = :lastpostername,
`forum_last_poster_color` = :lastpostercolor
WHERE `forum_id` = :forumid
";
$query_params = array(
':lastpostid' => null,
':lastposttopicid' => $lastid,
':lastposttitle' => $_POST['title'],
':lastposterid' => $_SESSION['user']['id'],
':lastposttime' => time(),
':lastpostername' => $_SESSION['user']['displayname'],
':lastpostercolor' => $color,
':forumid' => $fid
);
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
if($fid == 13){
$query = "INSERT INTO updates (
title,
content,
`date`,
`user`,
`topic_id`
) VALUES (
:title,
:content,
:date_posted,
:user_posted,
:topic_id
)";
$query_params = array(
':title' => $_POST['title'],
':content' => $_POST['content'],
':date_posted' => time(),
':user_posted' => $_SESSION['user']['displayname'],
':topic_id' => $lastid
);
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
try {
$db->commit();
$post_ok = 1;
} catch(PDOException $e) {
$erroradmin[] = $e->getMessage();
$db->rollback();
}
if(isset($post_ok)): ?>
<script>
location.href = "http://www.boundlessknights.com?viewtopic&fid=<?php echo $fid; ?>&tid=<?php echo $lastid; ?>";
</script>
<?php else: ?>
<?php $error[] = "Your topic did not post."; ?>
<?php endif; ?>
<?php
}
}
?>
Questions I looked at:
Form Post Not Reading Any Value
Cannot Get the Value of a Textarea via Post Method
Textarea Not Posting with Form
Textarea Returns Empty Value in PHP Post
TinyMCE does not keep the underlying textarea in sync at all times. Normally, when you post the form, TinyMCE will update the textarea before the form is posted but the process seems to be stopped by the required attribute. You can use the following API call to force TinyMCE to update the textarea:
tinymce.triggerSave();
This will force TinyMCE to update the textarea when its called. You can either:
Do this in the onsubmit event of the form
Do this in the TinyMCE init:
tinymce.init({
selector: "textarea",
setup: function (editor) {
editor.on('change', function () {
tinymce.triggerSave();
});
}
});
Your page is using TinyMCE editor. It is giving the following error in the console: An invalid form control with name='content' is not focusable.
Fixing that will fix your problem.
Hmmm, did you try to remove this "form" attribute from your Textarea ?
<textarea name="content" id="content" required></textarea>
Tell us what it do when u try.
Change this
<textarea name="content" id="content" required="required" form="CreateTopicForm"></textarea>
to this
<textarea name="content" id="content" required="required" ></textarea>
You might not be able to post anything because you've NOT specified the action attribute of your form.
<form action="" method="post" id="CreateTopicForm">
Set it to the name of the php file (with the proper path to the file),
and it should work.
Note: To make sure the the $_POST array contains your form submitted values, do a var_dump($_POST).
I cannot resolve why what works locally fails at the host server. It connects to the database, retrieves and displays data, but it fails to retrieve the data and include the form. Hopefully, I have included enough code.
First the data is retrieved and displayed:
/*------------------- DISPLAY ACCESSORIES ------------------*/
if(isset($_GET['table']) && $_GET['table'] === "accessories")
{
$table = 'accessories';
include '../includes/dbconnect.php';
try {
$result = $db->query("SELECT * FROM $table");
while($row = $result->fetch(PDO::FETCH_ASSOC)){
$accessories[] = array(
'id' => $row['id'],
'buy_link' => $row['buy_link'],
'img' => $row['img'],
'item_number' => $row['item_number'],
'name' => $row['name'],
'description' => $row['description'],
'laser_series' => $row['laser_series'],
'laser_model' => $row['laser_model'],
'quantity' => $row['quantity'],
'price' => $row['price'],
);
}
}
catch (PDOException $e)
{
$error = 'Error fetching data.' . $e->getMessage();
include 'error.html.php';
exit();
}
try {
$sql2 = 'DESCRIBE accessories';
$s2= $db->prepare($sql2);
$s2->execute();
$table_fields = $s2->fetchAll(PDO::FETCH_COLUMN);
}
catch (PDOException $e)
{
$error = 'Error fetching data from database.';
include 'error.html.php';
exit();
}
// Close database connection
$db = null;
// Display data on included page
include 'display-accessories.html.php';
exit();
}
Then, in the row the user wishes to edit, he clicks the edit button. Here's that html:
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">
<input type="hidden" name="id" value="<?php htmlout($accessory['id']); ?>">
<button class="btn btn-default btn-sm" type="submit" name="action" value="edit_accessories">Edit</button>
</form>
Clicking the edit button triggers this php, which fails (not locally). It does not include the file (the path is correct; in the same folder).
/*------------------- EDIT ACCESSORIES ------------------*/
if(isset($_POST['action']) && $_POST['action'] === "edit_accessories")
{
// Assign name of table being queried to variable
$table = 'accessories';
// Sanitize posted data
$id = sanitize($_POST['id']);
// Connect to database
include '../includes/dbconnect.php';
try {
$sql = "SELECT * FROM $table WHERE id = :id";
$s = $db->prepare($sql);
$s->bindValue(':id', $id);
$s->execute();
}
catch (PDOException $e)
{
$error = 'Error fetching data.' . $e->getMessage();
include 'error.html.php';
exit();
}
// Store single row result in $item associative array
$item = $s->fetch(PDO::FETCH_ASSOC);
// Close database connection
$db = null;
// Display row content in form
include 'edit-accessories-form.html.php';
exit();
}
If anyone has any ideas why this does not work, I welcome your insight!
Just change the sentence:
FROM: '../includes/dbconnect.php';
TO: $_SERVER['DOCUMENT_ROOT'].'/includes/dbconnect.php';
In the server the path can't be write as '../' because there is a whole different server path configuration.
I'm trying to use a PDO Wrapper Class and in general for proper security against SQL injections as good practice. Trying to learn the clean bare essentials for filling out a form to POST into MySQL.
So, at one point my form was inserting data into the MySQL table, but was doing multiple records on refresh after submit. Then I researched a cleaner way to write the processor but am now having trouble making it insert into the table. Not sure if maybe there is a discrepancy between the Processor and the "class.db.php" file?
I've searched a lot for "how-to's" having no success in a consistent answer. Trying to understand what I'm doing wrong, desiring an answer of best practice. Everything I've seen is all over the map.
Here's where I'm at:
For reference I started here first http://webdevelopingcat.com/php-mysql-tutorial-for-beginners-inserting-rows-with-pdo/
Then at top of the document I'm Including if you google, the https://code.google.com/p/php-pdo-wrapper-class/ project for a basis of class implementation.
<?php
include("class.db.php");
$version = "1.0.2";
$released = "December 9, 2010";
?>
Then a simple form within the body.
<?php
if ( empty( $_POST ) ){
?>
<form name='registration' action='success.php' method='POST'/>
<label for 'FName'>First Name: </label>
<input type="text" name="FName" />
<label for 'LName'>Last Name: </label>
<input type="text" name="LName" />
<label for 'Age'>Age: </label>
<input type="number" name="Age" />
<label for 'Gender'>Gender: </label>
<input type="text" name="Gender" />
<button type="submit">Submit</button>
</form>
Finally the form processor also within the body.
<?php
} else {
//process the form here
//
// Connect to database
$db = new db("mysql:host=localhost;dbname=pdodb", "root", "root");
$form = $_POST;
$first = $form[ 'FName' ];
$last = $form[ 'LName' ];
$myage = $form[ 'Age' ];
$gen = $form[ 'Gender' ];
$sql = "INSERT INTO mytable ( FName, LName, Age, Gender ) VALUES ( :first, :last, :myage, :gen )";
$query = $db->prepare( $sql );
$query->execute( array( ':first'=>$first, ':last'=>$last, ':myage'=>$myage, ':gen'=>$gen ) );
}
?>
The MANUAL way works. Referenced culttt.com post about: prevent-php-sql-injection-with-pdo-prepared-statements
// Create array of data to insert
$insert = array(
"FName" => "John",
"LName" => "Doe",
"Age" => 26,
"Gender" => "male"
);
// Insert the array into the table
$db->insert("mytable", $insert);
Your form is posting to success.php, so make sure that the insert code is in the success.php file:
<?php
// Get POST data
$first = (!empty($_POST['FName']) ? $_POST['FName'] : '');
$last = (!empty($_POST['LName']) ? $_POST['LName'] : '');
$myage = (!empty($_POST['Age']) ? $_POST['Age'] : '');
$gen = (!empty($_POST['Gender']) ? $_POST['Gender'] : 0);
try {
// Connect to db
$db = new db('mysql:dbname=pdodb;host=localhost', 'root', 'root');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Set SQL
$sql = 'INSERT INTO mytable (FName, LName, Age, Gender) VALUES (:first, :last, :myage, :gen)';
// Prepare query
$query = $db->prepare($sql);
// Execute query
$query->execute(array(':first' => $first, ':last' => $last, ':myage' => $myage, ':gen' => $gen));
} catch (PDOException $e) {
echo 'Error: ' . $e->getMessage();
}
Thanks,
Andrew
<?php
// Get POST data
$first = (!empty($_POST['FName']) ? $_POST['FName'] : '');
$last = (!empty($_POST['LName']) ? $_POST['LName'] : '');
$myage = (!empty($_POST['Age']) ? $_POST['Age'] : '');
$gen = (!empty($_POST['Gender']) ? $_POST['Gender'] : 0);
try {
// Connect to db
$db = new PDO('mysql:dbname=pdodb;host=localhost', 'root', 'root');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Set SQL
$sql = 'INSERT INTO mytable (FName, LName, Age, Gender) VALUES (:first, :last, :myage, :gen)';
// Prepare query
$query = $db->prepare($sql);
// Execute query
$query->execute(array(':first' => $first, ':last' => $last, ':myage' => $myage, ':gen' => $gen));
$db= null;
} catch (PDOException $e) {
echo 'Error: ' . $e->getMessage();
$db= null;
}
I'm trying to get my query to work for this PHP but I'm getting a "Invalid Parameter Number: number of bound variables do not match number of tokens" This is a snippet of my PHP:
<?php
/*
Our "config.inc.php" file connects to database every time we include or require
it within a php script. Since we want this script to add a new user to our db,
we will be talking with our database, and therefore,
let's require the connection to happen:
*/
require("configmob.php");
//if posted data is not empty
if (!empty($_POST)) {
//If the username or password is empty when the user submits
//the form, the page will die.
//Using die isn't a very good practice, you may want to look into
//displaying an error message within the form instead.
//We could also do front-end form validation from within our Android App,
//but it is good to have a have the back-end code do a double check.
if (empty($_POST['FirstName']) || empty($_POST['LastName'])) {
// Create some data that will be the JSON response
$response["success"] = 0;
$response["message"] = "Please Enter Both a First Name and a Last Name.";
//die will kill the page and not execute any code below, it will also
//display the parameter... in this case the JSON data our Android
//app will parse
die(json_encode($response));
}
//if the page hasn't died, we will check with our database to see if there is
//already a user with the username specificed in the form. ":user" is just
//a blank variable that we will change,Spot FROM Reservation WHERE Date = ':Date' AND Time = ':Time' AND Spot = ':Spot' ";
//now lets update what :user should be
$query = "Select * FROM Reservation WHERE Date = ':Date' AND TimeIn = ':TimeIn' AND Spot = ':Spot'";
$query_params = array(':Date' => $_POST['Date'] , ':TimeIn' => $_POST['Time'] , ':Spot' => $_POST['Spot']
);
//Now let's make run the query:
try {
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
// For testing, you could use a die and message.
//die("Failed to run query: " . $ex->getMessage());
//or just use this use this one to product JSON data:
$response["success"] = 0;
$response["message"] = $ex->getMessage();
die(json_encode($response));
}
//fetch is an array of returned data. If any data is returned,
//we know that the username is already in use, so we murder our
//page
$row = $stmt->fetch();
if ($row) {
// For testing, you could use a die and message.
//die("This username is already in use");
//You could comment out the above die and use this one:
$response["success"] = 0;
$response["message"] = "I'm sorry, this Reservation is already Taken";
die(json_encode($response));
}
//If we have made it here without dying, then we are in the clear to
//create a new user. Let's setup our new query to create a user.
//Again, to protect against sql injects, user tokens such as :user and :pass
$query = "INSERT INTO Reservation (Fname, Lname, Garno, Gname, EmpID, CustID, License, Floor, Spot, TimeIn, TimeOut, Date, Confirmation)
VALUES (:Fname, :Lname, :Garno, :Gname, :EmpID, :CustID, :License, :Floor, :Spot, :TimeIn, :TimeOut, :Date, :Confirmation) ";
//Again, we need to update our tokens with the actual data:
$query_params = array(
':Fname' => $_POST['FirstName'],
':Lname' => $_POST['LastName'],
':Gname' => $_POST['Garage'],
':Date' => $_POST['Date'],
':TimeIn' => $_POST['Time'],
':Spot' => $_POST['Spot'],
':Confirmation' => $_POST['Confirmation'],
);
//time to run our query, and create the user
try {
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch (PDOException $ex) {
// For testing, you could use a die and message.
//die("Failed to run query: " . $ex->getMessage());
//or just use this use this one:
$response["success"] = 0;
$response["message"] = $ex->getMessage();
die(json_encode($response));
}
//If we have made it this far without dying, we have successfully added
//a new user to our database. We could do a few things here, such as
//redirect to the login page. Instead we are going to echo out some
//json data that will be read by the Android application, which will login
//the user (or redirect to a different activity, I'm not sure yet..)
$response["success"] = 1;
$response["message"] = "Reservation Added!!";
echo json_encode($response);
//for a php webservice you could do a simple redirect and die.
//header("Location: loginmob.php");
//die("Redirecting to loginmob.php");
} else {
?>
<h1>Register</h1>
<form action="register.php" method="post">
Username:<br />
<input type="text" name="username" value="" />
<br /><br />
Password:<br />
<input type="password" name="password" value="" />
<br /><br />
<input type="submit" value="Register New User" />
</form>
<?php
}
?>
Thank you for the help!
This is what I found in your second statement:
$query = "Select * FROM Reservation WHERE Date = ':Date' AND TimeIn = ':Time' AND Spot = ':Spot'";
$query_params = array(':Date' => $_POST['Date'] , ':TimeIn' => $_POST['Time'] , ':Spot' => $_POST['Spot']
);
Your :TimeIn should be :Time like follows:
$query_params = array(':Date' => $_POST['Date'] , ':Time' => $_POST['Time'] , ':Spot' => $_POST['Spot']
Update:
Also in your second query you have :Garno missing, please try the following:
$query = "INSERT INTO Reservation (Fname, Lname, Garno, Gname, EmpID, CustID, License, Floor, Spot, TimeIn, TimeOut, Date, Confirmation)
VALUES (:Fname, :Lname, :Garno, :Gname, :EmpID, :CustID, :License, :Floor, :Spot, :TimeIn, :TimeOut, :Date, :Confirmation) ";
//Again, we need to update our tokens with the actual data:
$query_params = array(
':Fname' => $_POST['FirstName'],
':Lname' => $_POST['LastName'],
':Garno' => $_POST['Garno'], // Hopefully $_POST['Garno'] is what you want.
':EmpID' => $_POST['EmpID'], // Hopefully $_POST['EmpID'] is what you want.
':CustID' => $_POST['CustID'], // Hopefully $_POST['CustID'] is what you want.
':License' => $_POST['License'], // Hopefully $_POST['License'] is what you want.
':Floor' => $_POST['Floor'], // Hopefully $_POST['Floor'] is what you want.
':TimeOut' => $_POST['TimeOut'], // Hopefully $_POST['TimeOut'] is what you want.
':Gname' => $_POST['Garage'], // You don't need this, remove this.
':Date' => $_POST['Date'],
':TimeIn' => $_POST['Time'],
':Spot' => $_POST['Spot'],
':Confirmation' => $_POST['Confirmation'],
);