I am trying to input data into a database.
i have used echo to see if the database is being read, it is and the database echo's as entered, it just does not insert into the database. This is the same code i used for the registration page, apart from a new amendments, and my reg page works perfectly so i am a little confused to why it is not working.
HTML
<!-- <div id="first">-->
<input type="text" id="fname" name="fname" value="" required>
<input type="text" id="lname" name="lname" value="" required>
<input type="text" id="email" name="email" value="" required>
<input type="number" id="phone" name="phone" value="" required>
<input type="submit" name="Update" value="Update">
<br>
PHP
<?php
session_start();
require('../mysql.inc.php');
?>
<?php
if (isset($_POST['Update'])) {
echo $c_fname = $_POST['fname'];
echo $c_lname = $_POST['lname'];
echo $c_email = $_POST['email'];
echo $c_phone = $_POST['phone'];
$insert_det = "INSERT INTO Cus_acc_details(CUS_Fname,CUS_Lname,CUS_Phone,Cus_Email) VALUES (?,?,?,?)";
$stmt = mysqli_prepare($dbc, $insert_det);
mysqli_stmt_bind_param($stmt, 'sssi', $c_fname, $c_lname, $c_email, $c_phone);
if ($insert_det) {
echo " Saved";
}
} else {
echo "<b> Error </b>";
}
?>
Any suggestions
The call to mysqli_stmt_execute() is missing, thus your statement will never be executed.
Try changing your insert query to
$insert_det = "INSERT INTO Cus_acc_details(CUS_Fname,CUS_Lname,Cus_Email,CUS_Phone) VALUES (?,?,?,?)";
$stmt = mysqli_prepare($dbc, $insert_det);
As you are mixing them up when declaring them on the placeholders and are casting email as a integer but trying to insert the phone number as the email and vice versa
Related
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = $_REQUEST['teamname'];
$email = $_REQUEST['email'];
$password = (md5($_REQUEST['password']));
$query = "UPDATE users SET email = ?,password = ? WHERE name = ?";
$statemnt = $conn->prepare($query);
$statemnt->bind_param('sss',$email,$password,$name);
$statemnt->execute(); echo $name,$email,$password; var_dump();
$statemnt->close(); $conn->close(); } ?>
managed to get the SELECT Statement figured out before this one and still having issues with the UPDATE - a form above this php snippet and is suppose to fill out $email $password and $name
<form method="post" action="">Team Name:<br>
<input type="text" name="teamname" value="<?php echo $name;?>">
<br>Email:<br><input type="text" name="email" value="<?php echo $email;?>">
<br>Password:<br><input type="text" name="password" value="">
<br><br><input type="Submit" value="Update the Record" name="Submit">
</form>
EDITED TO THE FOLLOWING (there is code above this part and below dont expect u want to see the rest of my html code - the bottom is what i am have trouble with):SELECT STATEMENT and var_dump is working but when i enter a password into the form it doesnt trigger the Submit and ultimately the UPDATE Statement - i have worked on it today again to no avail. pls any help would be appreciated not sure what im doing wrong - also var_dump at the bottom is outputing all of the values now
<?php
if (isset($_POST['submit'])) {
$sql = $conn->prepare("UPDATE users SET email=? , password=? WHERE team=?");
$postedemail=$_POST['teamemail'];
$postedpassword= $_POST['teampassword'];
$sql->bind_param("ssi",$postedemail,$postedpassword,$_POST["mySelect"]);
if($sql->execute()) {
$success_message = "Edited Successfully";
} else {
$error_message = "Problem in Editing Record";
}
var_dump($postedpassword);
var_dump($postedemail);
}
$stmt = $conn->prepare("SELECT team, name, email, password FROM users WHERE team = ?");
$stmt->bind_param("i", $_POST["mySelect"]);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
while($rows = $result->fetch_assoc()) {
$name = $rows['name'];
$email = $rows['email'];
$password = $rows['password'];
}
var_dump($password);
var_dump($name);
var_dump($email);
var_dump($_POST['mySelect']);
$stmt->close();
?>
<?php if(!empty($success_message)) { ?>
<div class="success message"><?php echo $success_message; ?></div>
<?php } if(!empty($error_message)) { ?>
<div class="error message"><?php echo $error_message; ?></div>
<?php } ?>
<form name="frmUser" method="post" action="">
<label>NAME:</label>
<input type="text" name="teamname" class="txtField" value="<?php echo $name?>">
<label>EMAIL:</label>
<input type="text" name="teamemail" class="txtField" value="<?php echo $email?>">
<label>PASSWORD</label>
<input type="text" name="teampassword" class="txtField" value="">
<input type="submit" name="submit" value="Submit" class="demo-form-submit">
</form>
thanks
You have this at the begining of your script : $selectedOption = $_POST["mySelect"];
Nowhere in your code (especially in your <form></form>) I see any input named "mySelect"
Add this field in your form and the problem should be solved.
var_dump(); helps a lot debugging.
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
How to construct an SQL query correctly in a PHP script? [duplicate]
Closed 5 years ago.
The expect result is for the data that is submitted through a HTML form, and then the form action is this code below. Proccessing the code below I was expecting it to insert the data from the form into a SQL table called customers. However the data is not being inserted and there is no errors showing on the page.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$uName = $_POST['uname'];
$password = sha1($_POST['upassword']);
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$dob = $_POST['dob'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$postcode = $_POST['postcode'];
echo $uName;
echo $password;
include("dbconn.php");
$sql = "INSERT INTO customers (username, password_hash, customer_foremane, customer_surname, date_of_birth, customer_address1, customer_address2, customer_postcode) VALUES ('$uName', '$password', '$fname', '$lname', '$dob', '$address1', '$address2', '$postcode')";
mysqli_query($conn, $sql);
mysqli_close($conn);
?>
This is the form in which the data is from:
<div id = "reg_form">
<form name="register" action="register_customer.php" method="post">
<p id = "form_text"> Username: </p> <input name="uname" type="text" placeholder="Please enter a user name">
<p id = "form_text"> Password: </p> <input name="upassword" type="password" placeholder="Please enter a password"><br>
<p id = "form_text"> First Name: </p> <input name="fname" type="text" placeholder="Please enter your first name"><br>
<p id = "form_text"> Last Name: </p> <input name="lname" type="text" placeholder="Please enter your last name"><br>
<p id = "form_text"> Date of Birth: </p> <input name="dob" type="text" placeholder="Please enter your date of birth"><br>
<p id = "form_text"> Address 1: </p> <input name="address1" type="text" placeholder="Please enter first line of address"><br>
<p id = "form_text"> Address 2: </p> <input name="address2" type="text" placeholder="Please enter second line of address"><br>
<p id = "form_text"> Postcode: </p> <input name="postcode" type="text" placeholder="Please enter your postcode"><br>
<input name="submit" type="submit">
</form>
</div>
This is the dbconn.php:
<?php
$config = parse_ini_file('config.ini');
$conn = mysqli_connect('localhost',$config['username'],
$config['password'],$config['dbname']);
echo "Connected to the database";
?>
you have to use MySqli Prepared Statements for Inserting the query to make it more secure like below:
// prepare and bind Customers Query
$queryCustomers = $conn->prepare("INSERT INTO customers(username, password_hash, customer_foremane, customer_surname, date_of_birth, customer_address1, customer_address2, customer_postcode) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$queryCustomers->bind_param("ssssssss",$uName,$password,$fname,$lname,$dob,$address1,$address2,$postcode);
// execute Customers Query
$queryCustomers->execute();
// Close Connections
$queryCustomers->close();
To learn more, follow http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
How can I pass the Session into the database when the form is submitted. I try to make this simple for everyone to understand. Thanks for helping me out. I don't quite understand.
PHP- I do have session start as well.
<?php
require('Conn.php');
$statement = $link->prepare("INSERT INTO Database(Client_FN, email) VALUES( :CFN, :Email)");
$ClientFN = $_POST['Client_FN']; <-- I want to insert $_SESSION['first_name'] into the database. - Not sure how to do this?
$ClientEmail = $_POST['email'];
$statement->execute(array(
":CFN" => "$ClientFN");
":Email" => "$ClientEmail");
// Echo Successful attempt
echo "<p Data added to database.</p></br></br>";
$statement = null;
$link = null;
?>
HTML
<label> Name: <input name="Client_FN" type="text"
class="form-control" id="" value="<?php echo $_SESSION['first_name']; ?>"> </label> </div>
<label> Name: <input name="email" type="text"
class="form-control" id="" value=""> </label> </div>
I have read multiple posts on this on here, but none seem to do the trick, maybe i am just misunderstanding as i new to this.
I have a form that inserts into a database and then echo's out the data, perfectly!, my problem is because the form is on a users accounts page, when you logout all the information disappears. I am aware that i will have to save my $_POST variables into a $_SESSION.
But even when saved into a session, the data echo'd out still disappears once logged out, when logging back in. What is the correct way to save a$_POST into a $_SESSION.
I am currently using :
// Save $_POST to $_SESSION
$_SESSION['fname'] = $_POST;
Is there a better way here is my code:
HTML
<section class="container">
<form id="myform " class="Form" method="post" action="Cus_Account.php?c_id=<?php echo $c_id ?>" accept-charset="utf-8">
<!-- <div id="first">-->
<input type="text" id="fname" name="fname" value="<?php echo isset($_POST['fname']) ? $_POST['fname'] : '';?>" required>
<input type="text" id="lname" name="lname" value="<?php echo isset($_POST['lname']) ? $_POST['lname'] : '';?>" required>
<input type="text" id="email" name="email" value="<?php echo $_SESSION['Cus_Email']; ?>" required>
<input type="number" id="phone" name="phone" value="<?php echo isset($_POST['phone']) ? $_POST['phone'] : '';?>"required>
<input type="submit" name="Update" value="Update">
<br>
</form>
PHP
<?php
if (isset($_POST['Update'])) {
$c_fname = $_POST['fname'];
$c_lname = $_POST['lname'];
$c_email = $_POST['email'];
$c_phone = $_POST['phone'];
// Save $_POST to $_SESSION
$_SESSION['fname'] = $_POST;
//query
$insert_det = "INSERT INTO Cus_acc_details(CUS_Fname,CUS_Lname,Cus_Email,CUS_Phone) VALUES (?,?,?,?)";
$stmt = mysqli_prepare($dbc, $insert_det);
//new
// $stmt = mysqli_prepare($dbc, $insert_c);
//debugging
//$stmt = mysqli_prepare($dbc, $insert_c) or die(mysqli_error($dbc));
mysqli_stmt_bind_param($stmt, 'sssi', $c_fname, $c_lname, $c_email, $c_phone);
/* execute query */
$r = mysqli_stmt_execute($stmt);
// if inserted echo the following messges
if ($r) {
echo "<script> alert('registration sucessful')</script>";
}
} else {
echo "<b>Oops! Your passwords do not </b>";
}
?>
The $_SESSION['Cus_Email'] in the form is from another query.
Any help or suggestions would be much appreciated.
$_POST data should only be stored as a session variable temporarily. For example, if your user makes an error:
form.php
<?php
// This function should go in a config file, to escape data:
function html($str){
return htmlspecialchars($str, ENT_QUOTES);
}
$data = $_SESSION['form']['data'];
$errors = $_SESSION['form']['errors'];
?>
<form method="post" action="action.php">
<input type="text" name="fname" value="<?=html($data['fname'])?>" placeholder="First name">
<?php if(isset($errors['fname'])): ?>
<p>ERROR: <?=html($errors['fname'])?></p>
<?php endif; ?>
<input type="text" name="lname" value="<?=html($data['lname'])?>" placeholder="Last name">
<button type="submit">Go</button>
</form>
<?php
unset($_SESSION['form']); // You don't want to keep this data any longer.
action.php
<?php
$data = $_POST;
// Validate the data, for example:
if($data['fname'] == ''){
$errors['fname'] = "First name is required.";
}
if(!empty($errors)){
unset($data['password']); // Do not store passwords in session variables.
$_SESSION['form']['data'] = $data;
$_SESSION['form']['errors'] = $errors;
header("Location: form.php");
die;
}
// Put your database inserts here (no errors)
You should store things like first name, surname, etc, inside your database. Don't store these in $_SESSION other than in the example above.
Hopefully I'm on the right track here. I have a stored procedure prepared to add customer details to my database:
DROP PROCEDURE `sp_add_customer`//
CREATE DEFINER=`test`#`%` PROCEDURE `sp_add_customer`(IN in_name VARCHAR(100), in_address_line_1 VARCHAR(100), in_address_line_2 VARCHAR(100), in_address_line_3 VARCHAR(100), in_city VARCHAR(50), in_county VARCHAR(50), in_phone VARCHAR(30), in_mobile VARCHAR(30), in_email VARCHAR(100))
BEGIN
INSERT INTO customer(name, address_line_1, address_line_2, address_line_3, city, county, phone, mobile, email)
VALUES(in_name, in_address_line_1, in_address_line_2, in_address_line_3, in_city, in_county, in_phone, in_mobile, in_email);
END
I would now like to use this stored procedure with a html form (similar to the one below) to add a customer to my customer table.
<form id="htmlForm" action="add-customer.php" method="post" class="form-horizontal">
<input type="text" class="input-large" placeholder="Customer Name"><br/>
<input type="text" class="input-large" placeholder="Phone"><br/>
<input type="text" class="input-large" placeholder="Mobile"><br/>
<input type="text" class="input-large" placeholder="Email"><br/>
<input type="text" class="input-large" placeholder="Address Line 1"><br/>
<input type="text" class="input-large" placeholder="Address Line 2"><br/>
<input type="text" class="input-large" placeholder="Address Line 3"><br/>
<input type="text" class="input-large" placeholder="City"><br/>
<input type="text" class="input-large" placeholder="County"><br/>
<button type="submit" class="btn">Add Stock</button>
</form>
Could someone please explain to me the PHP code I need to add the details from the customer form to the customer table using the stored procedure.
The add-customer.php file contains:
<?php
//MySQL Database Connect
require once ("includes/config.php")
$name = $_POST['name'];
$phone = $_POST['phone'];
$mobile = $_POST['mobile'];
$email = $_POST['email'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$address3 = $_POST['address3'];
$city = $_POST['city'];
$county = $_POST['county'];
try{
$dbh=config.php();
$stmt = $dbh->prepare('CALL sp_add_customer(:in_name, :in_address_line_1, :in_address_line_2, :in_address_line_3, :in_city, :in_county, :in_phone, :in_mobile, :in_email)');
$stmt->bindParam(':in_name',$name,PDO::PARAM_STR,45);
$stmt->bindParam(':in_address_line_1',$address1,PDO::PARAM_STR,45);
$stmt->bindParam(':in_address_line_2',$address2,PDO::PARAM_STR,45);
$stmt->bindParam(':in_address_line_3',$address3,PDO::PARAM_STR,45);
$stmt->bindParam(':in_city',$city,PDO::PARAM_STR,45);
$stmt->bindParam(':in_county',$county,PDO::PARAM_STR,45);
$stmt->bindParam(':in_phone',$phone,PDO::PARAM_STR,45);
$stmt->bindParam(':in_mobile',$mobile,PDO::PARAM_STR,45);
$stmt->bindParam(':in_email',$email,PDO::PARAM_STR,45);
$stmt->execute();
}
catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
?>
At the moment I'm receiving the following error:
Parse error: syntax error, unexpected T_VARIABLE
Much appreciated.
I hope you know how to send values from html page to php code.
php manual
<?php
$stmt = $dbh->prepare("CALL sp_add_customer(?)");
$stmt->bindParam(1, $return_value, PDO::PARAM_STR, 4000);
// call the stored procedure
$stmt->execute();
print "procedure returned $return_value\n";
?>
OK try this
http://www.joeyrivera.com/2009/using-mysql-stored-procedures-with-php-mysqlmysqlipdo/