Here I have a form:
<form action="includes/Payment.inc.php" method="get" class="px-4 py-4" >
<div class="form-group">
<div class="d-inline py-1"><h5>Payment Type</h5></div>
<select class="bg-white text-dark" name="payment_type">
<option value="Type">Type</option>
<option value="Food">Food</option>
<option value="House-Rent">House-Rent</option>
<option value="Other">Other</option>
</select>
<h5 class="py-1">Amount of Money</h5>
<div class="input-group">
<span class="input-group-addon">$</span>
<input type="text" class="form-control" name="amount" aria-label="Text input with checkbox">
<span class="input-group-addon">JPY</span>
</div>
<h5 class="py-1">Detail</h5>
<textarea placeholder="Enter The Detail in here" name="detail"></textarea><br>
<label><h5 class="py-1">Date: </h5></label>
<input type="date" name="date"><br>
<button type="submit" name="submit" class="btn btn-primary m-4 border rounded">Submit</button>
</div>
</form>
When clicked, it simply puts all the information into the database with the following PHP code:
<?php
if (isset($_GET['submit'])) {
include_once 'dbh.inc.php';
$payment_type = $_GET['payment'];
$amount_money = filter_input(INPUT_GET,'amount',FILTER_SANITIZE_NUMBER_INT);
$detail = filter_input(INPUT_GET,'detail',FILTER_SANITIZE_STRING);
$date = $_GET['date'];
if (empty($amount_money)) {
header('Location: ../Data.php?money_empty');
exit();
}
else {
$sql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
VALUES (':payment_type',':amount',':detail',':payment_date')";
$result = $conn->prepare($sql);
$result->bindParam(':payment_type',$payment_type,PDO::PARAM_STR);
$result->bindParam(':amount',$amount_money,PDO::PARAM_INT);
$result->bindParam(':detail',$detail,PDO::PARAM_STR);
$result->bindParam(':payment_date',$date,PDO::PARAM_STR);
$result->execute();
header("Location: ../Data.php?payment_success");
exit();
}
}
Then when I test the form, the execution is completed, but when I checked the "payment" table, here's what I got:
payment_type(varchar) = ":payment_type"
amount(int) = 0
detail(varchar) = ":detail"
payment_date(date) = "0000-00-00".
What's wrong with my code?
In your code, you use '' to enclose the string parameters in the insert; this is not needed with PDO. Use the following instead...
<?php
if (isset($_GET['submit'])) {
include_once 'dbh.inc.php';
$payment_type = $_GET['payment_type']; // the form's select is named payment_type
$amount_money = filter_input(INPUT_GET,'amount',FILTER_SANITIZE_NUMBER_INT);
$detail = filter_input(INPUT_GET,'detail',FILTER_SANITIZE_STRING);
$date = $_GET['date'];
if (empty($amount_money)) {
header('Location: ../Data.php?money_empty');
exit();
}
else {
$sql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
VALUES (:payment_type,:amount,:detail,:payment_date)";
$result = $conn->prepare($sql);
$result->bindParam(':payment_type',$payment_type,PDO::PARAM_STR);
$result->bindParam(':amount',$amount_money,PDO::PARAM_INT);
$result->bindParam(':detail',$detail,PDO::PARAM_STR);
$result->bindParam(':payment_date',$date,PDO::PARAM_STR);
$result->execute();
header("Location: ../Data.php?payment_success");
exit();
}
}
You are quoting your parameter markers, eg ':payment_type', which makes them look like plain strings to PDO, so those strings are what show up in the DB. As the docs show, you should not quote them:
$sql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
VALUES (:payment_type, :amount, :detail, :payment_date)";
I am retrieving values from the database into the form for update, on the press of submit button.
The values do get retrieved but update process fails without any error.
Here's the code:
<?php
session_start();
$username=$_SESSION['uname'];
$cn=mysqli_connect("localhost", "root", "", "testdb");
// Define variables and initialize with empty values
$course = $category = "";
$title = $descp = "";
// Processing form data when form is submitted
if(isset($_POST["pid"]) && !empty($_POST["pid"])){
// Get hidden input value
$pid = $_POST["pid"];
// Check input errors before inserting in database
if(empty($course) && empty($category) && empty($title) && empty($descp)){
// Prepare an update statement
$sql = "UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssssi", $param_course, $param_category, $param_title, $param_descp, $param_pid);
// Set parameters
$param_course = $course;
$param_category = $category;
$param_title = $title;
$param_descp = $descp;
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Records updated successfully. Redirect to landing page
header("location: CAposts.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($cn);
} else{
// Check existence of id parameter before processing further
if(isset($_GET["pid"]) && !empty(trim($_GET["pid"]))){
// Get URL parameter
$pid = trim($_GET["pid"]);
// Prepare a select statement
$sql = "SELECT * FROM posts WHERE pid = ?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_pid);
// Set parameters
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$result = mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($result) == 1){
/* Fetch result row as an associative array. Since the result set contains only one row, we don't need to use while loop */
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// Retrieve individual field value
$pid = $row['pid'];
$uname = $row['uname'];
$course = $row['course'];
$category = $row['category'];
$pdate = $row['pdate'];
$title = $row['title'];
$descp = $row['descp'];
} else{
// URL doesn't contain valid id. Redirect to error page
header("location: CAposts.php");
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
// Close connection
mysqli_close($cn);
} else{
// URL doesn't contain id parameter. Redirect to error page
header("location: CAposts.php");
exit();
}
}
?>
<html>
<head>
<title>IMEDTalks-Post-
<?php echo $title;?>
</title>
<link href="./css/bootstrap.min.css" rel="stylesheet" />
<script src="./scripts/jquery-3.3.1.min.js"></script>
<script src="./scripts/bootstrap.min.js"></script>
<style>
/* Make the image fully responsive */
.carousel-inner img {
width: 100%;
height: 30%;
}
</style>
</head>
<body>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2 class="text-center">Update Post</h2>
</div>
<p class="text-center">Please edit the input values and submit to update the post.</p>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<div class="form-group">
<div class="row">
<label class="col-form-label col-md-1 offset-3" for="course">Course:</label>
<div class="col-md-2">
<select name="course" class="form-control" required>
<option value="<?php echo $course;?>" selected>
<?php echo $course;?>
</option>
<option value="">Choose any:</option>
<option value="comp">Comp</option>
<option value="theo">Theory</option>
</select>
</div>
<label class="col-form-label col-md-1" for="category">Category:</label>
<div class="col-md-3">
<select name="category" class="form-control" required>
<option value="<?php echo $category;?>" selected>
<?php echo $category;?>
</option>
<option value="">Choose any:</option>
<option value="plang">Programming Language</option>
<option value="web">Web Technologies</option>
<option value="maths">Mathematics and Statistics</option>
<option value="others">Others</option>
</select>
</div>
</div>
</div>
<div class="form-group row">
<label for="title" class="col-form-label col-md-2">Title:
</label>
<div class="col-md-10">
<input type="text" class="form-control" value="<?php echo $title;?>" name="title" required>
</div>
</div>
<div class="form-group row">
<label for="desc" class="col-form-label col-md-12">Description:
</label>
<div class="col-md-12">
<textarea class="form-control" name="descp" rows="20" required><?php echo $descp;?></textarea>
</div>
</div>
<input type="hidden" name="pid" value="<?php echo $pid;?>" />
<div class="form-group row">
<div class="col-md-4 offset-4">
<a href="CAposts.php"><button type="button" name="cancel"
class="btn-lg btn-danger">Cancel</button></a>
</div>
<div class="col-md-4">
<button type="submit" name="update" class="btn-lg btn-success">Submit</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
PS:
pid is being brought from the previous page where the data is listed in table format, and on the click of the button, that data/post gets loaded into the form for editing using the pid, which is the primary key in my database table.
using bootstrap 4.
Edited after first comments.
You have 5 columns in your query but you only bind 4 of them, so you forgot an s
$sql = "UPDATE posts SET course=?, category=?, title=? descp=? WHERE pid=?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "sssi", $param_course, $param_category, $param_title, $param_descp, $param_pid);
Here is cleaner code for your update:
$stmt = $cn->prepare("UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=?"); // $cn is the connection opened in the question
$stmt->bind_param("ssssi", $course, $category, $title, $descp, $pid);
$stmt->execute();
I just saw that you are trying to display all your data from DB using
// Prepare a select statement
$sql = "SELECT * FROM posts WHERE pid = ?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_pid);
// Set parameters
$param_pid = $pid;
And also, the values of all your form fields use this information fetched from the DB, which is nothing since, I just can't understand. You are trying to fetch all your data using a variable which is coming from the DB data itself...
Try something, change the hidden form for your ID and use this (if you have data in db using id 1)
<input type="hidden" name="pid" value="1" />
I am retrieving values from the database into the form for update, on the press of the submit button, the values should get updated.
Here's the code:
PostUpdate.php:
<?php
session_start();
$username=$_SESSION['uname'];
$cn=mysqli_connect("localhost", "root", "", "testdb");
// Define variables and initialize with empty values
$course = $category = "";
$title = $descp = "";
// Processing form data when form is submitted
if(isset($_POST["pid"]) && !empty($_POST["pid"])){
// Get hidden input value
$pid = $_POST["pid"];
// Check input errors before inserting in database
if(empty($course) && empty($category) && empty($title) && empty($descp)){
// Prepare an update statement
$sql = "UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssssi", $param_course, $param_category, $param_title, $param_descp, $param_pid);
// Set parameters
$param_course = $course;
$param_category = $category;
$param_title = $title;
$param_descp = $descp;
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Records updated successfully. Redirect to landing page
header("location: CAposts.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($cn);
} else{
// Check existence of id parameter before processing further
if(isset($_GET["pid"]) && !empty(trim($_GET["pid"]))){
// Get URL parameter
$pid = trim($_GET["pid"]);
// Prepare a select statement
$sql = "SELECT * FROM posts WHERE pid = ?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_pid);
// Set parameters
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$result = mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($result) == 1){
/* Fetch result row as an associative array. Since the result set contains only one row, we don't need to use while loop */
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// Retrieve individual field value
$pid = $row['pid'];
$uname = $row['uname'];
$course = $row['course'];
$category = $row['category'];
$pdate = $row['pdate'];
$title = $row['title'];
$descp = $row['descp'];
} else{
// URL doesn't contain valid id. Redirect to error page
header("location: CAposts.php");
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
// Close connection
mysqli_close($cn);
} else{
// URL doesn't contain id parameter. Redirect to error page
header("location: CAposts.php");
exit();
}
}
?>
<html>
<head>
<title>IMEDTalks-Post-
<?php echo $title;?>
</title>
<link href="./css/bootstrap.min.css" rel="stylesheet" />
<script src="./scripts/jquery-3.3.1.min.js"></script>
<script src="./scripts/bootstrap.min.js"></script>
<style>
/* Make the image fully responsive */
.carousel-inner img {
width: 100%;
height: 30%;
}
</style>
</head>
<body>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2 class="text-center">Update Post</h2>
</div>
<p class="text-center">Please edit the input values and submit to update the post.</p>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<div class="form-group">
<div class="row">
<label class="col-form-label col-md-1 offset-3" for="course">Course:</label>
<div class="col-md-2">
<select name="course" class="form-control" required>
<option value="<?php echo $course;?>" selected>
<?php echo $course;?>
</option>
<option value="">Choose any:</option>
<option value="comp">Comp</option>
<option value="theo">Theory</option>
</select>
</div>
<label class="col-form-label col-md-1" for="category">Category:</label>
<div class="col-md-3">
<select name="category" class="form-control" required>
<option value="<?php echo $category;?>" selected>
<?php echo $category;?>
</option>
<option value="">Choose any:</option>
<option value="plang">Programming Language</option>
<option value="web">Web Technologies</option>
<option value="maths">Mathematics and Statistics</option>
<option value="others">Others</option>
</select>
</div>
</div>
</div>
<div class="form-group row">
<label for="title" class="col-form-label col-md-2">Title:
</label>
<div class="col-md-10">
<input type="text" class="form-control" value="<?php echo $title;?>" name="title" required>
</div>
</div>
<div class="form-group row">
<label for="desc" class="col-form-label col-md-12">Description:
</label>
<div class="col-md-12">
<textarea class="form-control" name="descp" rows="20" required><?php echo $descp;?></textarea>
</div>
</div>
<input type="hidden" name="pid" value="<?php echo $pid;?>" />
<div class="form-group row">
<div class="col-md-4 offset-4">
<a href="CAposts.php"><button type="button" name="cancel"
class="btn-lg btn-danger">Cancel</button></a>
</div>
<div class="col-md-4">
<button type="submit" name="update" class="btn-lg btn-success">Submit</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
Here, I am using pid, which is being brought from the previous page where the data is listed in table format, and on the click of a button there, that data/post gets loaded into the form for editing and updating the same using the pid (primary key in my database table).
I am using bootstrap 4.
Problem I am facing:
The update operation is performed without any errors using the pid, but the values of course, category, title, description get set to blank in the database table after this update operation.
I can't figure out what's going wrong here.
I am having trouble finding why my code is not working. I tried to look it up on the internet but I can't seem to find the error.
Here's my function
public function AddNews($newsDate,$title,$content){
try{
$stmt = $this->db->prepare("INSERT INTO news(newsDate,title,content) VALUES (:newsDate,:$title,:$content)");
$stmt->bindParam(":newsDate", $newsDate);
$stmt->bindParam(":title", $title);
$stmt->bindParam(":content", $content);
$stmt->execute();
return $stmt;
}catch(PDOException $ex){
echo $ex->getMessage();
}
}
and the form action
/*---------DEVELOPMENT-----------*/
require_once '/database/database.php';
/*---------ENVIRONMENT-----------*/
// require_once 'database/database.php';
if(isset($_POST['btn-news-submit'])){
$newsDate = trim($_POST['newsDate']);
$title = trim($_POST['bodyContent']);
$content = trim($_POST['newsContent']);
if($user->AddNews($newsDate,$title,$content)){
header("Location: admin-index.php?successfully-uploaded");
}
}
and lastly my html form
<div class="news">
<form action = "upload-news" method="POST" enctype="multipart/form-data">
<div class="form-group">
<input type="hidden" name="newsDate" id="newsDate" value="<?php echo date('Y-m-d H:i:s'); ?>" readonly="readonly">
<label for="bodyContent"><b>Title</b></label>
<textarea class="form-control" rows="1" id="bodyContent" name="bodyContent"></textarea>
<br>
<label for="exampleFormControlFile1">Content of News</label>
<textarea class="form-control" rows="5" id="newsContent" name="newsContent"></textarea>
<br />
<br>
<div class="btn-news">
<button type="submit" name="btn-news-submit" class="btn btn-primary">Post</button>
</div>
</div>
</form>
</div>
Could someone please point out where the error is here? It says
SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
But I checked several times and all my bindParam are matched
Don't use dollar signs in your bind handles here:
"INSERT INTO news(newsDate,title,content) VALUES (:newsDate,:$title,:$content)"
                                                             ^       ^
Just use plain strings like this:
"INSERT INTO news(newsDate,title,content) VALUES (:newsDate,:title,:content)"
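A check for the two marker mistakes discussed above (quoted markers such as ':payment_type', and :$title-style markers), as an added example that is not part of the original posts: it compares the named markers a statement really contains with the names passed to bindParam(). The helper names scanMarkers and checkBindings and the sample values for $title and $content are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Collect the named markers (":name") in $sql, separating the ones a driver
 * can bind from the ones sitting inside a quoted literal or identifier.
 */
function scanMarkers(string $sql): array
{
    $live = [];
    $quoted = [];
    $quote = null;                       // open quote character, or null
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $c = $sql[$i];
        if ($quote !== null && $c === '\\') {
            $i++;                        // backslash escape inside a literal
            continue;
        }
        if ($c === "'" || $c === '"' || $c === '`') {
            if ($quote === null) {
                $quote = $c;
            } elseif ($quote === $c) {
                $quote = null;
            }
            continue;
        }
        $afterColon = $i > 0 && $sql[$i - 1] === ':';   // skip "::" sequences
        if ($c === ':' && !$afterColon
            && preg_match('/\G:([A-Za-z_][A-Za-z0-9_]*)/', $sql, $m, 0, $i)) {
            if ($quote === null) {
                $live[] = $m[1];
            } else {
                $quoted[] = $m[1];       // plain text to the database
            }
            $i += strlen($m[1]);
        }
    }
    return ['live' => array_unique($live), 'quoted' => array_unique($quoted)];
}

/** Compare the markers in $sql with the names given to bindParam()/bindValue(). */
function checkBindings(string $sql, array $boundNames): array
{
    $bound = array_map(fn(string $n): string => ltrim($n, ':'), $boundNames);
    $markers = scanMarkers($sql);
    return [
        'quoted'  => array_values($markers['quoted']),                    // stored literally
        'unbound' => array_values(array_diff($markers['live'], $bound)),  // marker with no bind
        'unused'  => array_values(array_diff($bound, $markers['live'])),  // bind with no marker
    ];
}

$paymentBinds = [':payment_type', ':amount', ':detail', ':payment_date'];
$quotedSql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
    VALUES (':payment_type',':amount',':detail',':payment_date')";
$fixedSql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
    VALUES (:payment_type,:amount,:detail,:payment_date)";

// Constructed values: PHP interpolates $title and $content into the string,
// so the driver sees ":Launch" and ":Body" instead of ":title" and ":content".
$title = 'Launch';
$content = 'Body';
$newsSql = "INSERT INTO news(newsDate,title,content) VALUES (:newsDate,:$title,:$content)";

foreach ([
    'quoted markers' => [$quotedSql, $paymentBinds],
    'plain markers'  => [$fixedSql, $paymentBinds],
    'dollar markers' => [$newsSql, [':newsDate', ':title', ':content']],
] as $label => [$sql, $binds]) {
    echo $label, ': ', json_encode(checkBindings($sql, $binds)), PHP_EOL;
}
```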
I am trying to put the form results into a database but it is not working properly. No errors seem to be happening, what is wrong with my code?
This is my first page with the booking form:
$booking_sql = "SELECT * FROM calendar, missions WHERE calendar_id = '%d' AND calendar.missions_id = missions.missions_id" ;
$_SESSION['booking']['calendar'];
$booking_query = mysqli_query($dbconn, $booking_sql) or die(mysqli_error());
$rsBooking = mysqli_fetch_assoc($booking_query);
?>
<form action="confirm.php" method="post" name="fmNumCon" id="fmNumCon">
<div class="row"><span class="label"><strong class="full"></strong></span> <span class="element"><h4><?php echo $rsBooking['missions_name'].', '.$rsBooking['calendar_date']; ?></h4></span></div>
<div class="row"><span class="label"><h4>*Number of people:</h4></span><span class="element">
<select name="number" id="number" onchange="getNumber()">
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
</select>
</span></div>
<!-- <div class="row"><span class="label"</span><span class="element"><h4>$NZDisplay cost per person.00</h4><input type="hidden" name="price" id ="price" value="" /></span></div>
<div class="row"><span class="label"> </span><span class="element">
<a id="update" href="booking.php?mode=update">Update cost</a>
</span></div> -->
<div class="row"><strong class="full"><h4>Conatact details:</h4></strong> </div>
<div class="row">
<input name="name" type="text" id="name" value="<?= isset($name) ? $name : ''?>" placeholder="name"/>
</div>
<div class="row">
<input name="$phone" type="text" id="phone" placeholder="phone" value="<?= isset($phone) ? $phone : ''?>"/>
</div>
<div class="row">
<input name="email" type="text" id="email" placeholder="email" value="<?= isset($email) ? $email : ''?>"/>
</div>
<div class="row">
<input type="reset" name="Reset" value="Reset" />
<input type="submit" name="Submit" value="Continue" />
</div>
</form>
Here is the confirm page below:
$number = $_SESSION['booking']['number'];
$phone = $_POST['phone'];
$email = $_POST['email'];
require_once('includes/dbconn.php');
$booking_sql = sprintf("SELECT * FROM calendar, missions WHERE calendar_id = '%d' AND calendar.missions_id = missions.missions_id", $_SESSION['booking']['calendar']);
$booking_query = mysqli_query($dbconn, $booking_sql) or die(mysqli_error());
$rsBooking = mysqli_fetch_assoc($booking_query);
?>
<form action="thanks.php" method="post" name="fmConfirm" id="fmConfirm" display="hidden">
<div class="row"><?php echo $rsBooking['missions_name']; ?></div>
<div class="row"><input type="hidden" name="number" value ="<?php echo $number?>"></input></div>
<div class="row"><input type="hidden" name="name" value ="<?php echo $name?>"></input></div>
<div class="row"><input type="hidden" name="phone" value ="<?php echo $phone?>"></input></div>
<div class="row"><input type="hidden" name="email" value ="<?php echo $email?>"></input></div>
<div class="row"><span class="label"> </span> <span class="element">Edit details</span></div>
<div class="row"><span class="label"> </span><span class="element">
<input type="submit" name="Submit" value="Finsih" />
</span></div>
</form>
Here is my thanks page:
<?php require_once('includes/dbconn.php'); ?>
<?php session_start();
$date = date('Y-m-d');
// $calendar = $_POST['calendar_date'];
$name = $_POST['name'];
$number = $_POST['number'];
$phone = $_POST['phone'];
$email = $_POST['email'];
// $booking_sql = "INSERT into bookings (calendar_id, booking_name,
// booking_number, booking_phone,
// booking_email, booking_date) VALUES ('$calendar','$name', 'number', 'phone', 'email')";
$booking_sql = "INSERT INTO bookings (booking_name,
booking_number, booking_phone,
booking_email, booking_date)
VALUES ('$name','$number','$phone','$date')";
$dbconn->query($booking_sql);
// $sql = "INSERT INTO bookings (booking_fname, booking_lname, booking_email, user_id, date_id)
// VALUES ('$fName','$lName','$email', '$userid', '$dateid')";
// $dbc->query($sql);
$booking_query = mysqli_query($dbconn, $booking_sql);
$_SESSION = array();
// session_destroy();
// if(!isset($_COOKIE['active'])) {
// setcookie('active', 'no', time() + 31536000);
// }
?>
<h2>Booking complete </h2>
<p> </p>
<p>Thank you for choosing <strong>Mountain Bike Missions</strong>.</p>
<p>To check your booking immediately, you can log in with your email address here. At any another time, please use the <strong>Check booking</strong> link in the <strong>Booking</strong> section of the site.</p>
I adjusted your thanks.php a little.
throughout your other scripts you used the procedural syntax of mysqli, in thanks.php you switched to object-syntax
removed all those commented lines
session_start() should always be on top of the program (after ini-directives), if you have in an included file some output by accident it would cause a fatal error otherwise
I used prepared statements to work with the data you get from users, this way the formatting of the query can not be broken if there are special characters in the input
enabled display_errors so you get shown your errors (when you are done testing you can remove those lines, you don't want to show technical error messages to users when going productive)
used trigger_error to catch errors thrown by the database to treat them like php errors
Code looks like this:
<?php
/*
* enable display_errors
*/
ini_set('display_errors', 1);
error_reporting(-1);
/*
* start session, construct connection to db
*/
session_start();
require_once('includes/dbconn.php');
/*
* define your variables
*/
$date = date('Y-m-d');
$name = $_POST['name'];
$number = $_POST['number'];
$phone = $_POST['phone'];
$email = $_POST['email'];
/*
* define your sql-statement
* send the statement to the database "preparation"-process
* check if the database had any troubles by asking it for errors
*/
$booking_sql = "INSERT INTO bookings (booking_name, booking_number, booking_phone, booking_email, booking_date) VALUES (?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($dbconn ,$booking_sql);
if(mysqli_errno($dbconn) !== 0){
trigger_error(mysqli_error($dbconn));
}
/*
* bind your variables to the prepared statement
* execute the statement
* again, ask if the database had any troubles
*/
mysqli_stmt_bind_param($stmt, "sssss", $name, $number, $phone, $email, $date);
mysqli_stmt_execute($stmt);
if(mysqli_errno($dbconn) !== 0){
trigger_error(mysqli_error($dbconn));
}
$_SESSION = array();
?>
<h2>Booking complete </h2>
I'm having a problem where my form is submitting the values but they aren't getting entered into the database?
I have tried echo'ing the $_POST to see what is getting posted and everything is posting as it should, but it's failing at the point of entering into the database.
Here is my code
if(isset ($_POST["update_detail"])) {
foreach($_POST["id"] AS $id) {
$name = mysqli_real_escape_string($_POST["name"][$id]);
$age = mysqli_real_escape_string($_POST["age"][$id]);
$update1 = "UPDATE `booked_peoples` SET `name` = '$name',`age` = '$age' WHERE `booked_peoples`.`id` = ".$id;
$update2 = mysqli_query($con,$update1);
if($update2){
echo '<script>window.location.href="add_passengers.php?book_id='.$book_id.'";</script>';
}
else {
echo 'OOPS';
} } }
and here is the php form code
if(isset($_GET['book_id']) and $_GET['action']=='edit')
{
$sq_edit_ps = "select * from booked_peoples where booking_id = ".$book_id;
$qr_edit_ps = mysqli_query($con,$sq_edit_ps);
while($rw_edit_ps = mysqli_fetch_array($qr_edit_ps))
{
$ps_id = $rw_edit_ps['id'];
echo '<form action="" method="POST" role="form">';
echo '<div class="row">
<div class="col-sm-9">
<label>Name</label>
<input class="form-control" type="text" name="name['.$ps_id.']" value="'.$rw_edit_ps['name'].'"/>
</div>
<div class="col-sm-3">
<label>Age</label>
<input class="form-control" type="text" name="age['.$ps_id.']" value="'.$rw_edit_ps['age'].'"/>
<input type="hidden" name="id[]" value="'.$ps_id.'"/>
</div>
</div>';
}
echo '
<button class="btn btn-info btn-flat" type="submit" name="update_detail" >Update</button>
</form>
</div>';
}
I'm getting code blind.......:(
It was the mysql_real_escape_string that was stopping it from working.
It needed to be $name = mysqli_real_escape_string($con, $_POST["name"][$id]);
Thank you to the poster above for pointing it out :)
Wanted to post the solution in case anyone else comes across the same problem
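The same per-passenger update written with a prepared statement, as an added example that is not part of the original posts. It uses PDO with an in-memory SQLite database (an assumption, so it runs without a MySQL server; the question itself uses mysqli), and the function name updatePassengers, the 0 to 150 age range and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Update every submitted passenger row through one prepared statement.
 * $post has the shape the form above produces: id[], name[<id>], age[<id>].
 * Returns the number of rows changed.
 */
function updatePassengers(PDO $db, array $post): int
{
    $ids   = is_array($post['id'] ?? null) ? $post['id'] : [];
    $names = is_array($post['name'] ?? null) ? $post['name'] : [];
    $ages  = is_array($post['age'] ?? null) ? $post['age'] : [];

    // Prepared once, executed per row; values never become part of the SQL text.
    $stmt = $db->prepare(
        'UPDATE booked_peoples SET name = :name, age = :age WHERE id = :id'
    );
    $changed = 0;
    foreach ($ids as $id) {
        // The id comes from a hidden field the client controls: digits only.
        if (!is_string($id) || !ctype_digit($id)) {
            continue;
        }
        $name = $names[$id] ?? null;
        // Assumed plausible range for an age; anything else is skipped.
        $age = filter_var($ages[$id] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 0, 'max_range' => 150]]);
        if (!is_string($name) || $age === false) {
            continue;
        }
        $stmt->bindValue(':name', trim($name), PDO::PARAM_STR);
        $stmt->bindValue(':age', $age, PDO::PARAM_INT);
        $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
        $stmt->execute();
        $changed += $stmt->rowCount();
    }
    return $changed;
}

// In-memory table with the columns the question's code uses (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE booked_peoples
    (id INTEGER PRIMARY KEY, booking_id INTEGER, name TEXT, age INTEGER)');
$db->exec("INSERT INTO booked_peoples VALUES (7, 1, 'A', 30), (8, 1, 'B', 40)");

// Constructed stand-in for $_POST: an apostrophe in a name, a non-numeric age
// and a non-numeric id.
$post = [
    'id'   => ['7', '8', 'x9'],
    'name' => [7 => "Sean O'Brien", 8 => 'Bea', 'x9' => 'ignored'],
    'age'  => [7 => '31', 8 => 'forty', 'x9' => '20'],
];

echo 'rows changed: ', updatePassengers($db, $post), PHP_EOL;
foreach ($db->query('SELECT id, name, age FROM booked_peoples') as $row) {
    echo $row['id'], ' | ', $row['name'], ' | ', $row['age'], PHP_EOL;
}
```

With mysqli the same shape is mysqli_prepare() followed by mysqli_stmt_bind_param($stmt, "sii", ...), as in the thanks.php answer earlier on the page.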