bind_param is causing an error, what am I doing wrong? - php

This is a project for school. I am trying to post to the database, but after I click on submit it comes back with an error about the line with bind_param:
Fatal error: Uncaught Error: Call to a member function bind_param() on boolean in /var/www/html/ticketsysteem/acties/nieuwTicket.php:42 Stack trace: #0 {main} thrown in /var/www/html/ticketsysteem/acties/nieuwTicket.php on line 42
Can somebody help me?
<?php
//var
$naam = trim($_POST["klantNaam"]);
$achternaam = trim($_POST["klantAchternaam"]);
$tel = trim($_POST["klantTel"]);
$adres = trim($_POST["klantAdres"]);
$postcode = trim($_POST["klantPostc"]);
$stad = trim($_POST["klantStad"]);
$email = trim($_POST["klantEmail"]);
//nieuwe klant
if (isset($_POST['submit1'])) {
$insertklant= $connectie->prepare("INSERT INTO klant klantAchternaam = $achternaam,
klantNaam = $naam, klantTel = $tel, klantAdres = $adres, klantPostc = $postcode,
klantStad = $stad, klantEmail = $email");
$insertklant->bind_param('sssssss', $achternaam, $naam, $tel, $adres, $postcode, $stad, $email);
if($insertklant->execute()) {
echo 'gelukt!';
}
}
?>
<form name="nieuwTicket" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
<button onclick="nieuwek()" type="button" id="nk" >nieuwe klant </button>
<label class="hidden01">naam:</label><input id="text1" type="text" name="klantNaam" class="hidden"/><br>
<label class="hidden01">achternaam:</label><input id="text1" type="text" name="klantAchternaam" class="hidden"/><br>
<label class="hidden01">adres:</label><input id="text1" type="text" name="klantAdres" class="hidden"/><br>
<label class="hidden01">postcode:</label><input id="text1" type="text" name="klantPostc" class="hidden"/><br>
<label class="hidden01">woonplaats:</label><input id="text1" type="text" name="klantStad" class="hidden"/><br>
<label class="hidden01">telefoonnummer:</label><input id="text1" type="text" name="klantTel" class="hidden"/><br>
<input type="submit" name="submit1" value="invoeren" class="hidden">
</form>

Learn how to use prepared statements and what they actually do:
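<?php
// Placeholders (?) stand in for the values; nothing from $_POST is put into the SQL text.
$stmt = $connectie->prepare("
INSERT INTO klant SET
klantAchternaam = ?,
klantNaam = ?,
klantTel = ?,
klantAdres = ?,
klantPostc = ?,
klantStad = ?,
klantEmail = ?
");
// prepare() returns false when the SQL is invalid, so check it before binding.
if($stmt){
$stmt->bind_param('sssssss', $achternaam, $naam, $tel, $adres, $postcode, $stad, $email);
if($stmt->execute()) {
echo 'gelukt!';
}
}
?>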
Your current code is wide open to SQL injection, while the above code is fully secured against them. The whole idea of prepared statements is that you never have to concat user-submitted values directly to the SQL query.
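The difference described in the answer above, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server (the page's code uses mysqli), cuts the `klant` table down to three columns, and uses a constructed sample name.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for the page's mysqli connection.
$db = new PDO('sqlite::memory:');
// Throw on failure instead of returning false from prepare()/execute(); a silent
// false is what later surfaces as "Call to a member function ... on boolean".
// With mysqli the equivalent switch is
// mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT).
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE klant (klantNaam TEXT, klantAchternaam TEXT, klantStad TEXT)');

// Constructed input: a legitimate surname that contains a quote character.
$input = [
    'klantNaam'       => 'Jan',
    'klantAchternaam' => "van 't Hof",
    'klantStad'       => 'Zwolle',
];

function insert_interpolated(PDO $db, array $in): string
{
    // Anti-pattern: the values become part of the SQL text, so a quote in the
    // data ends the string literal and whatever follows is parsed as SQL.
    $sql = "INSERT INTO klant (klantNaam, klantAchternaam, klantStad)
            VALUES ('{$in['klantNaam']}', '{$in['klantAchternaam']}', '{$in['klantStad']}')";
    try {
        $db->exec($sql);
        return 'interpolated: ok';
    } catch (PDOException $e) {
        return 'interpolated: failed: ' . $e->getMessage();
    }
}

function insert_bound(PDO $db, array $in): string
{
    // The SQL text is fixed; the values travel separately and are never parsed as SQL.
    $stmt = $db->prepare(
        'INSERT INTO klant (klantNaam, klantAchternaam, klantStad) VALUES (?, ?, ?)'
    );
    $stmt->execute([$in['klantNaam'], $in['klantAchternaam'], $in['klantStad']]);
    return 'bound: ok';
}

echo insert_interpolated($db, $input), PHP_EOL;
echo insert_bound($db, $input), PHP_EOL;

// Compare what was stored by the bound insert with the original input.
$stored = $db->query('SELECT klantAchternaam FROM klant')->fetchColumn();
var_dump($stored === $input['klantAchternaam']);
```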

Related

Bind_param warning number of variables and parameters don't match [closed]

When I go to edit anything other than the image and link I get this error "", although it still updates the item and displays it in my list of products as the new updated info. The parameters and variables match and I have counted a number of times, I am starting to think it's something else in the code.
Here is my code for my edit page:
<?php
require_once 'connect.php';
require_once 'header.php';
?>
<!DOCTYPE html>
<html>
<head>
<script src="//cdn.ckeditor.com/4.5.5/standard/ckeditor.js"></script>
</head>
<body>
<div class="container">
<?php
if(isset($_POST['update'])){
if( empty($_POST['category']) || empty($_FILES['image']) || empty($_POST['productname']) || empty($_POST['price']) || empty($_POST['description']) || empty($_POST['details']) || empty($_POST['spec_1']) || empty($_POST['spec_2']) || empty($_POST['spec_3'])|| empty($_POST['spec_4']) || empty($_POST['spec_5']) || empty($_POST['spec_6']) || empty($_POST['spec_7']) || empty($_POST['spec_8']) || empty($_POST['spec_9']) || empty($_POST['spec_10']) || empty($_POST['info_1']) || empty($_POST['info_2']) || empty($_POST['info_3'])|| empty($_POST['info_4']) || empty($_POST['info_5']) || empty($_POST['info_6']) || empty($_POST['info_7']) || empty($_POST['info_8']) || empty($_POST['info_9']) || empty($_POST['info_10']) || empty($_FILES['link_1']) )
{
echo "Please fillout all required fields"; }
$category = $_POST['category'];
$image = $_FILES['image']['name'];
$productname = $_POST['productname'];
$price = $_POST['price'];
$description = $_POST['description'];
$details = $_POST['details'];
$spec_1 = $_POST['spec_1'];
$spec_2 = $_POST['spec_2'];
$spec_3 = $_POST['spec_3'];
$spec_4 = $_POST['spec_4'];
$spec_5 = $_POST['spec_5'];
$spec_6 = $_POST['spec_6'];
$spec_7 = $_POST['spec_7'];
$spec_8 = $_POST['spec_8'];
$spec_9 = $_POST['spec_9'];
$spec_10 = $_POST['spec_10'];
$info_1 = $_POST['info_1'];
$info_2 = $_POST['info_2'];
$info_3 = $_POST['info_3'];
$info_4 = $_POST['info_4'];
$info_5 = $_POST['info_5'];
$info_6 = $_POST['info_6'];
$info_7 = $_POST['info_7'];
$info_8 = $_POST['info_8'];
$info_9 = $_POST['info_9'];
$info_10 = $_POST['info_10'];
$link_1 = $_FILES['link_1']['name'];
if ((!($_FILES['image']['name'])) && (!($_FILES['link_1']['name'])) ) {
$sql = $con->prepare("UPDATE products SET category = ?, productname = ?, price = ?, description = ?, details = ?, spec_1 = ?, spec_2 = ?,
spec_3 = ?, spec_4 = ?, spec_5 = ?, spec_6 = ?, spec_7 = ?, spec_8 = ?, spec_9 = ?, spec_10 = ?, info_1 = ?, info_2 = ?,
info_3 = ?, info_4 = ?, info_5 = ?, info_6 = ?, info_7 = ?, info_8 = ?, info_9 = ?, info_10 = ? WHERE product_id = ?");
$sql->bind_param("sssssssssssssssssssssssssi",$category, $productname, $price, $description, $details, $spec_1, $spec_2, $spec_3, $spec_4, $spec_5, $spec_6, $spec_7, $spec_8, $spec_9, $spec_10, $info_1, $info_2, $info_3, $info_4, $info_5, $info_6, $info_7,$info_8,$info_9,$info_10, $_GET["id"]);
$sql->execute();
}else
$sql = $con->prepare("UPDATE products SET category = ?, image = ?, productname = ?, price = ?, description = ?, details = ?, spec_1 = ?, spec_2 = ?,
spec_3 = ?, spec_4 = ?, spec_5 = ?, spec_6 = ?, spec_7 = ?, spec_8 = ?, spec_9 = ?, spec_10 = ?, info_1 = ?, info_2 = ?,
info_3 = ?, info_4 = ?, info_5 = ?, info_6 = ?, info_7 = ?, info_8 = ?, info_9 = ?, info_10 = ?, link_1 = ? WHERE product_id = ?");
$sql->bind_param("sssssssssssssssssssssssssssi", $category, $image, $productname, $price, $description, $details, $spec_1, $spec_2, $spec_3, $spec_4, $spec_5, $spec_6, $spec_7, $spec_8, $spec_9, $spec_10, $info_1, $info_2, $info_3, $info_4, $info_5, $info_6, $info_7,$info_8,$info_9,$info_10, $link_1, $_GET["id"]);
if($sql->execute()) {
echo "<div class='alert alert-success'>Successfully updated product</div>";
}else{
echo "<div class='alert alert-danger'>Error: There was an error while updating product info</div>";
}
}
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$sql = $con->prepare("SELECT * FROM products WHERE product_id = ?");
$sql->bind_param('i', $id);
$sql->execute();
$result = $sql->get_result();
if($result->num_rows < 1){
header('Location: index.php');
exit;
}
$row = $result->fetch_assoc();
?>
<div class="row">
<div class="col-md-6 col-md-offset-3">
<div class="box2">
<h3><i class="glyphicon glyphicon-plus"></i> Modify Product</h3>
<form action="" method="POST" enctype="multipart/form-data">
<input type="hidden" value="<?php echo $row['product_id']; ?>" name="productid">
<label for="category">Category</label>
<input type="text" id="category" name="category" value="<?php echo $row['category']; ?>" class="form-control"><br>
<label for="name">Image</label><br><br>
<span><?php echo '<img src="Images/'. $row['image'], '" />'?></span><br><br>
<input type="file" name="image" id="image" value="<?php echo $row['image']; ?>" class="form-control"><br>
<label for="name">Name</label>
<input type="text" name="productname" id="name" value="<?php echo $row['productname']; ?>" class="form-control"><br>
<label for="price">Price</label>
<input type="text" name="price" id="price" value="<?php echo $row['price']; ?>" class="form-control"><br>
<label for="description">Description</label>
<input type="text" name="description" id="description" value="<?php echo $row['description']; ?>" class="form-control"><br>
<h3><i class="glyphicon glyphicon-plus"></i> Modify Product Details</h3><br>
<label class="heading" for="heading">Product Details</label><br>
<textarea name="details" id="details" class="form-control ckeditor">
<?php echo $row['details']; ?>
</textarea>
<br>
<h3><i class="glyphicon glyphicon-plus"></i> Modify Specifications</h3><br>
<label class="heading" for="heading">Heading</label>
<input type="text" id="spec_1" name="spec_1" value="<?php echo $row['spec_1']; ?>"class="form-control head_1"><br>
<label class="information" for="information">Information</label>
<input type="text" id="info_1" name="info_1" value="<?php echo $row['info_1']; ?>" class="form-control info_1"><br>
<input type="text" id="spec_2" name="spec_2" value="<?php echo $row['spec_2']; ?>"class="form-control head_2"><br>
<input type="text" id="info_2" name="info_2" value="<?php echo $row['info_2']; ?>" class="form-control info_2"><br>
<input type="text" id="spec_3" name="spec_3" value="<?php echo $row['spec_3']; ?>"class="form-control head_3"><br>
<input type="text" id="info_3" name="info_3" value="<?php echo $row['info_3']; ?>" class="form-control info_3"><br>
<input type="text" id="spec_4" name="spec_4" value="<?php echo $row['spec_4']; ?>"class="form-control head_4"><br>
<input type="text" id="info_4" name="info_4" value="<?php echo $row['info_4']; ?>" class="form-control info_4"><br>
<input type="text" id="spec_5" name="spec_5" value="<?php echo $row['spec_5']; ?>"class="form-control head_5"><br>
<input type="text" id="info_5" name="info_5" value="<?php echo $row['info_5']; ?>" class="form-control info_5"><br>
<input type="text" id="spec_6" name="spec_6" value="<?php echo $row['spec_6']; ?>"class="form-control head_6"><br>
<input type="text" id="info_6" name="info_6" value="<?php echo $row['info_6']; ?>" class="form-control info_6"><br>
<input type="text" id="spec_7" name="spec_7" value="<?php echo $row['spec_7']; ?>"class="form-control head_7"><br>
<input type="text" id="info_7" name="info_7" value="<?php echo $row['info_7']; ?>" class="form-control info_7"><br>
<input type="text" id="spec_8" name="spec_8" value="<?php echo $row['spec_8']; ?>"class="form-control head_8"><br>
<input type="text" id="info_8" name="info_8" value="<?php echo $row['info_8']; ?>" class="form-control info_8"><br>
<input type="text" id="spec_9" name="spec_9" value="<?php echo $row['spec_9']; ?>"class="form-control head_9"><br>
<input type="text" id="info_9" name="info_9" value="<?php echo $row['info_9']; ?>" class="form-control info_9"><br>
<input type="text" id="spec_10" name="spec_10" value="<?php echo $row['spec_10']; ?>"class="form-control head_10"><br>
<input type="text" id="info_10" name="info_10" value="<?php echo $row['info_10']; ?>" class="form-control info_10"><br>
<h3 class="links"><i class="glyphicon glyphicon-plus"></i> Add New Links</h3><br>
<label class="links" for="links">Links</label><br><br>
<span><?php echo $row['link_1']?></span>
<input type="file" name="link_1" id="link_1" value="<?php echo $row['link_1']; ?>" class="form-control"><br>
<br>
<br>
<br>
<input type="submit" name="update" class="btn btn-success button2" value="Update">
</form>
</div>
</div>
</div>
</div>
</body>
</html>
Your help would be greatly appreciated, and apologies, I am still new and this is my first attempt at a CRUD system.
Thank you.
The problem is you didn't open { at else line 61 so:
}else
$sql = $con->prepare
to:
}else{
$sql = $con->prepare

SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens - help needed

I've tried making a website which has a database connected to it and I'm getting the error message below
INSERT INTO Diák (oktatási_id, vezeték_név, kereszt_név, évfolyam, születési_dátum, város, utca, házszám, irányítószám, szak, kar)
values (:oktatási_id, :vezeték_név, :kereszt_név, :évfolyam, :születési_dátum, :város, :utca, :házszám, :irányítószám, :szak, :kar)
SQLSTATE[HY093]: Invalid parameter number: number of bound variables
does not match number of tokens
This is my PHP code that I have written below
<?php
require "../config.php";
require "../common.php";
if (isset($_POST['submit'])) {
if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();
try {
$connection = new PDO($dsn, $username, $password, $options);
$new_user = array(
"oktatási_id" => $_POST['oktatási_id'],
"vezeték_név" => $_POST['vezeték_név'],
"kereszt_név" => $_POST['kereszt_név'],
"évfolyam" => $_POST['évfolyam'],
"születési_dátum" => $_POST['születési_dátum'],
"város" => $_POST['város'],
"utca" => $_POST['utca'],
"házszám" => $_POST['házszám'],
"irányítószám" => $_POST['irányítószám'],
"szak" => $_POST['szak'],
"kar" => $_POST['kar'],
);
$sql = sprintf(
"INSERT INTO %s (%s) values (%s)",
"Diák",
implode(", ", array_keys($new_user)),
":" . implode(", :", array_keys($new_user))
);
$statement = $connection->prepare($sql);
$statement->execute($new_user);
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
}
?>
<?php require "templates/header.php"; ?>
<?php if (isset($_POST['submit']) && $statement) : ?>
<blockquote><?php echo escape($_POST['kereszt_név']); ?> adatát sikeresen hozzá adtuk az adatbázishoz.</blockquote>
<?php endif; ?>
<h2>Felhasználó hozzáadása az adatbázishoz</h2>
<form method="post">
<input name="csrf" type="hidden" value="<?php echo escape($_SESSION['csrf']); ?>">
<label for="oktatási_id">oktatási_id</label>
<input type="text" name="oktatási_id" id="oktatási_id">
<label for="vezeték_név">Vezeték Név</label>
<input type="text" name="vezeték_név" id="vezeték_név">
<label for="kereszt_név">Kereszt Név</label>
<input type="text" name="kereszt_név" id="kereszt_név">
<label for="évfolyam">évfolyam</label>
<input type="text" name="évfolyam" id="évfolyam">
<label for="születési_dátum">Születési dátum</label>
<input type="date" name="születési_dátum" id="születési_dátum">
<label for="város">város</label>
<input type="text" name="város" id="város">
<label for="utca">utca</label>
<input type="text" name="utca" id="utca">
<label for="házszám">házszám</label>
<input type="text" name="házszám" id="házszám">
<label for="irányítószám">irányítószám</label>
<input type="text" name="irányítószám" id="irányítószám">
<label for="kar">kar</label>
<input type="text" name="kar" id="kar">
<label for="szak">szak</label>
<input type="text" name="szak" id="szak">
<input type="submit" name="submit" value="Submit">
</form>
Vissza a kezdő oldalra
<?php require "templates/footer.php"; ?>
It took me a while to find, but I believe that PDO::prepare passes the named parameters through a regular expression [:][a-zA-Z0-9_]+. https://github.com/php/php-src/blob/master/ext/pdo/pdo_sql_parser.re#L48. Your diacritic characters are being clobbered.
The only alternative that I know about is to use unnamed placeholders instead - ?. Something like:
$sql = sprintf(
"INSERT INTO %s (%s) values (%s)",
"Diák",
implode(", ", array_keys($new_user)),
implode(', ', array_fill(0, sizeof($new_user), '?'))
);
Which will produce:
INSERT INTO Diák (oktatási_id, vezeték_név, kereszt_név, évfolyam, születési_dátum, város, utca, házszám, irányítószám, szak, kar) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
You'll then have to change your execute method as follows:
$statement->execute(array_values($new_user));
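A pre-flight check for this class of HY093 error, as an added example that is not part of the original answer. It applies the pattern quoted in the answer to list the named tokens, compares them with the keys passed to `execute()`, and builds the positional form with column names taken from an allow-list; the function names, the sample row, and the PHP 7.4+ arrow functions are assumptions of this example.

```php
<?php
// Added example. The pattern is the one quoted in the answer above; the real PDO
// scanner also skips string literals and comments, which this sketch does not.
const PDO_NAMED_TOKEN = '/:[a-zA-Z0-9_]+/';

/** Named placeholders as the quoted pattern would tokenise them (byte-wise). */
function named_tokens(string $sql): array
{
    preg_match_all(PDO_NAMED_TOKEN, $sql, $m);
    return array_values(array_unique($m[0]));
}

/** Compare the tokens found in the SQL with the keys about to be passed to execute(). */
function placeholder_mismatch(string $sql, array $params): array
{
    $tokens = named_tokens($sql);
    $keys = array_map(fn($k) => ':' . ltrim((string) $k, ':'), array_keys($params));
    return [
        'unbound_tokens' => array_values(array_diff($tokens, $keys)),
        'unused_params'  => array_values(array_diff($keys, $tokens)),
    ];
}

/**
 * Build an INSERT with positional placeholders. Column names are part of the
 * SQL text and cannot be bound, so they must come from a fixed allow-list.
 */
function positional_insert(string $table, array $row, array $allowedColumns): array
{
    if ($row === []) {
        throw new InvalidArgumentException('empty row');
    }
    $unknown = array_diff(array_keys($row), $allowedColumns);
    if ($unknown !== []) {
        throw new InvalidArgumentException('unexpected columns: ' . implode(', ', $unknown));
    }
    $cols  = implode(', ', array_keys($row));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    return ["INSERT INTO $table ($cols) VALUES ($marks)", array_values($row)];
}

// Constructed sample row using three of the question's column names.
$row = ['oktatási_id' => '71234567890', 'város' => 'Szeged', 'kar' => 'TTIK'];

// The question's approach: named placeholders derived from the column names.
$named = sprintf(
    'INSERT INTO Diák (%s) values (:%s)',
    implode(', ', array_keys($row)),
    implode(', :', array_keys($row))
);

// Tokens stop at the first byte outside [a-zA-Z0-9_], so they no longer match the keys.
print_r(named_tokens($named));
print_r(placeholder_mismatch($named, $row));

// The positional form carries no names to mis-tokenise.
[$sql, $values] = positional_insert('Diák', $row, ['oktatási_id', 'város', 'kar', 'szak']);
echo $sql, PHP_EOL;
print_r($values);
```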

Form handling PHP PDO

I'm playing around with a form trying to learn PDO.
The problem is that nothing is submitted. Nothing is saved and I don't receive any errors.
I have a class (ABB). In that class I have a function called "spara_abb" (along with several functions used in the script).
Questions:
Is there any way to complete this code to work?
Is this the right way to solve this?
Any suggestions?
The form:
<?php
if (isset($_POST["submit"])){
$save_abb = $abb->spara_abb($_POST['ident']);
}
?>
<!-- FORM START - Create new ABB -->
<form action="abb_ny.php?amne_id=<?php echo $_GET['amne_id']; ?>&abb_arskurs=<?php echo $_GET['abb_arskurs']; ?>" method="post" enctype="multipart/form-data" id="sky-form1" class="sky-form">
<input type='Hidden' name='lid' value='<? echo $_SESSION['lid']; ?>'>
<input type='Hidden' name='datum' value='<? echo date('Y-m-d'); ?>'>
<input type='Hidden' name='ident' value='<? echo $abb->skapa_ident($_GET['amne_id']); ?>'>
<input type='Hidden' name='amne_id' value='<? echo $_GET['amne_id']; ?>'>
<input type='Hidden' name='arskurs' value='<? echo $_GET['abb_arskurs']; ?>'>
<input type='Hidden' name='aktiv' value='1'>
<header>Skapa ny ABB</header>
<fieldset>
<section>
<label class="label">Arbetsomrade</label>
<label class="input">
<i class="icon-append fa fa-tag"></i>
<input type="text" name="arbetsomrade" id="arbetsomrade" placeholder="Arbetsområde">
</label>
</section>
<label class="label">Syfte</label>
<section>
<label class="textarea">
<i class="icon-append fa fa-comment"></i>
<textarea rows="5" name="syfte" placeholder="Syfte"></textarea>
</label>
</section>
<label class="label">Overgripande mal</label>
<section>
<label class="textarea">
<i class="icon-append fa fa-comment"></i>
<textarea rows="5" name="overgripande_mal" placeholder="Övergripande mål"></textarea>
</label>
</section>
<label class="label">Undervisning</label>
<section>
<label class="textarea">
<i class="icon-append fa fa-comment"></i>
<textarea rows="5" name="undervisning" placeholder="Undervisning"></textarea>
</label>
</section>
<label class="label">Redovisningsform</label>
<section>
<label class="textarea">
<i class="icon-append fa fa-comment"></i>
<textarea rows="5" name="redovisningsform" placeholder="Redovisningsform"></textarea>
</label>
</section>
</fieldset>
<footer>
<button type="submit" name="Spara" value="Spara" class="btn-u">Save ABB</button>
</footer>
</form>
<!-- END FORM -->
The function called from my class ABB:
# Save ABB
public function spara_abb($ident) {
// Does IDENT exist?
$abb_existerar = $this->abb_existerar($ident);
try{
if ($abb_existerar === true){
$query2 = $this->db->prepare("
UPDATE `abb` SET `arbetsomrade` = :arbetsomrade,`syfte` = :syfte,
`overgripande_mal` = :overgripande_mal, `undervisning` = :undervisning,
`redovisningsform` = :redovisningsform, `lid` = :lid, `datum` = :datum,
`aktiv` = :aktiv
WHERE (`ident`=:ident)");
$query2->bindParam(':ident', $ident, PDO::PARAM_STR);
$query2->bindParam(':arskurs', $arskurs, PDO::PARAM_STR);
$query2->bindParam(':amne_id', $amne_id, PDO::PARAM_INT);
$query2->bindParam(':arbetsomrade', $arbetsomrade, PDO::PARAM_STR);
$query2->bindParam(':syfte', $syfte, PDO::PARAM_STR);
$query2->bindParam(':overgripande_mal', $overgripande_mal, PDO::PARAM_STR);
$query2->bindParam(':undervisning', $undervisning, PDO::PARAM_STR);
$query2->bindParam(':redovisningsform', $redovisningsform, PDO::PARAM_STR);
$query2->bindParam(':lid', $lid, PDO::PARAM_INT);
$query2->bindParam(':datum', $datum, PDO::PARAM_STR);
$query2->bindParam(':aktiv', $aktiv, PDO::PARAM_INT);
$query2->execute();
}else {
$query2 = $this->db->prepare("
INSERT INTO `abb`
(ident, arskurs, amne_id, arbetsomrade, syfte, overgripande_mal, undervisning, redovisningsform,lid,datum,aktiv) VALUES (:ident, :arskurs, :arbetsomrade, :syfte, :overgripande_mal, :undervisning,
:redovisningsform, :lid, :datum, :aktiv) ");
$query2->bindParam(':ident', $ident, PDO::PARAM_STR);
$query2->bindParam(':arskurs', $arskurs, PDO::PARAM_STR);
$query2->bindParam(':amne_id', $amne_id, PDO::PARAM_INT);
$query2->bindParam(':arbetsomrade', $arbetsomrade, PDO::PARAM_STR);
$query2->bindParam(':syfte', $syfte, PDO::PARAM_STR);
$query2->bindParam(':overgripande_mal', $overgripande_mal, PDO::PARAM_STR);
$query2->bindParam(':undervisning', $undervisning, PDO::PARAM_STR);
$query2->bindParam(':redovisningsform', $redovisningsform, PDO::PARAM_STR);
$query2->bindParam(':lid', $lid, PDO::PARAM_INT);
$query2->bindParam(':datum', $datum, PDO::PARAM_STR);
$query2->bindParam(':aktiv', $aktiv, PDO::PARAM_INT);
$query2->execute();
}
}catch(PDOException $e){
die($e->getMessage());
}
} // END save ABB
You can add all the form variables inside of an array and send it to the function like this:
$array = Array(':ident' => array($_POST['ident'], PDO::PARAM_INT),
':lid' => array($_POST['lid'], PDO::PARAM_INT),
':datum' => array($_POST['datum'], PDO::PARAM_STR),
':amne_id' => array($_POST['amne_id'], PDO::PARAM_INT));
$save_abb = $abb->spara_abb($array);
Now in class you could do something like this:
# Save ABB
public function spara_abb($array) {
// Does IDENT exist?
$abb_existerar = $this->abb_existerar($array);
try{
if ($abb_existerar === true){
$query2 = $this->db->prepare("
UPDATE `abb` SET `arbetsomrade` = :arbetsomrade,`syfte` = :syfte,
`overgripande_mal` = :overgripande_mal, `undervisning` = :undervisning,
`redovisningsform` = :redovisningsform, `lid` = :lid, `datum` = :datum,
`aktiv` = :aktiv
WHERE (`ident`=:ident)");
foreach($array as $key => $val){
$query2->bindParam($key,$val[0],$val[1]);
}
$query2->execute();
....
....
That way you pass all the variables to the class. I would recommend to make sure that all the variables exist with the function isset(), for example:
$ident = isset($_POST['ident'])? $_POST['ident'] : '';
edit: Use var_dump($array);
to print all the array and see if this is what you wanted.

Having two notices of undefined index

I have this code below to insert in my Admins table the data that I store when I fill in the fields.
The insert is working fine, but I'm having two notices and I'm trying to solve this but I'm not finding a good method.
Can somebody there give a little help?
The two notices I'm having:
-> Undefined index: date in $insertAdmin->bindValue(':avatar', $f['avatar']);
-> Undefined index: date in $insertAdmin->bindValue(':date_register', $f['date']);
My code:
if(isset($_POST['sendForm']))
{
$f['name'] = $_POST['name'];
$f['email'] = $_POST['email'];
//$f['avatar'] = $_POST['avatar'];
$f['date'] = $_POST['date_register'];
if(in_array('',$f))
{
echo 'Please, fill all fields.';
}
else
{
if(!empty($_FILES['avatar']['tmp_name']))
{
$image = $_FILES['avatar'];
$tmp = $imagem['tmp_name'];
$folder = '../uploads/avatars/';
$ext = substr($image['name'],-3);
$name = md5(time()).'.'.$ext;
$f['avatar'] = $name;
uploadImage($tmp, $name, '200', $folder);
}
$insertAdmin = $pdo->prepare("INSERT INTO admin (name, email, avatar, date_register) VALUES (:name, :email, :avatar, :date_register)");
$insertAdmin->bindValue(':name', $f['name']);
$insertAdmin->bindValue(':email', $f['email']);
$insertAdmin->bindValue(':avatar', $f['avatar']);
$insertAdmin->bindValue(':date_register', $f['date']);
}
}
My form:
<form name="form" action="" method="post" enctype="multipart/form-data">
<label class="line">
<span class="data">Name:</span>
<input type="text" name="name" value="<?php if(isset($f['name'])) echo $f['name'] ; ?>" />
</label>
<label class="line">
<span class="data">Email:</span>
<input type="text" name="email" value="<?php if(isset($f['email'])) echo $f['email'] ; ?>" />
</label>
<label class="line">
<span class="data">Avatar:</span>
<input type="file" class="fileinput" name="avatar" size="60" />
</label>
<label class="line">
<span class="data">Date of register:</span>
<input type="text" name="date_register" id="date" value="<?php if(isset($f['date'])) echo $f['date']; else echo date('d/m/Y H:i:s');?>" />
</label>
<input type="submit" value="Register" name="sendForm"/>
</form>
I see no valid reason to have the $f variable, it just makes it confusing.
I would personally use the POST directly
if(isset($_POST['sendForm']) &&
isset($_POST['name']) &&
isset($_POST['email']) &&
isset($_POST['avatar']) &&
isset($_POST['date'])){
//Insert
}else{
//please fill out everything
}
then execute like this
$insertAdmin = $pdo->prepare("INSERT INTO admin (name, email, avatar, date_register) VALUES (:name, :email, :avatar, :date_register)");
$insertAdmin->bindValue(':name', $_POST['name']);
$insertAdmin->bindValue(':email', $_POST['email']);
$insertAdmin->bindValue(':avatar', $_POST['avatar']);
$insertAdmin->bindValue(':date_register', $_POST['date']);
//do not forget to execute
$insertAdmin->execute();
You have a spelling error:
$f['date'] = $_POST['data_register'];
Needs to be:
$f['date'] = $_POST['date_register'];
//----------------------^
Which explains why $f['date'] is undefined.
Use the below and check again.
if(isset($_POST['sendForm']))
{
$f['name'] = $_POST['name'];
$f['email'] = $_POST['email'];
$f['avatar'] = $_POST['avatar'];
$f['date'] = $_POST['date_register'];
if(in_array('',$f))
{
echo 'Please, fill all fields.';
}
else
{
if(!empty($_FILES['avatar']['tmp_name']))
{
$image = $_FILES['avatar'];
$tmp = $imagem['tmp_name'];
$folder = '../uploads/avatars/';
$ext = substr($image['name'],-3);
$name = md5(time()).'.'.$ext;
$f['avatar'] = $name;
uploadImage($tmp, $name, '200', $folder);
}
$insertAdmin = $pdo->prepare("INSERT INTO admin (name, email, avatar, date_register) VALUES (:name, :email, :avatar, :date_register)");
$insertAdmin->bindValue(':name', $f['name']);
$insertAdmin->bindValue(':email', $f['email']);
$insertAdmin->bindValue(':avatar', $f['avatar']);
$insertAdmin->bindValue(':date_register', $f['date']);
}
}

How to insert values into database the right way?

For the last 5 hours I've been trying to figure out why this form won't insert data into MySQL when it seems to be correct.
Form
<form action="insertComment.php" method="POST">
<input type="hidden" name="article_id" value="<?php echo $article_uid;?>">
<input type="text" name="name" placeholder="Enter your name" required/>
<input type="email" name="email" placeholder="Enter your email" required/>
<textarea type="text" name="comment" placeholder="Join the discussion..." required></textarea>
<input type="submit" class="submit" value="Submit Comment"/>
</form>
then on comment.php
include '../../../libraries/phpClass/commentClass.php';
$commentClass = new commentClass();
if(isset($_POST['name']) AND isset($_POST['email']) AND isset($_POST['comment']) AND isset($_POST['article_id']))
{
$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST['comment'];
$article_id = $_POST['article_id'];
$data = $commentClass->insertComment($name, $email, $comment, $article_id);
}
and this is the public function..
public function insertComment($name, $email, $comment, $article_id)
{
$sth = $this->db->prepare("INSERT INTO articles_comment(name, email, comment, article_id) VALUES (:name, :email, :comment, :article_id)");
$sth->execute(array(
':name' => $name,
':email' => $email,
':comment' => $comment,
':article_id' => $article_id
));
}
From what I can see there isn't anything wrong, and I haven't been able to see why it wouldn't insert the values. There are no errors whatsoever either.
