PDO SQL Statement Not Working - php

I've been looking at this for the last hour and cannot see why this won't work. It is carried out in a Bootstrap modal via AJAX.
For some reason SupplierUpdate will not get updated in the database. (It is a timestamp)
$conn = new PDO("mysql:host=$hostname; dbname=$username;charset=utf8", $username, $password, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "UPDATE Suppliers SET UpdateTime=:UpdateTime, Code1=:Code1, Code1Desc=:Code1Desc, Code2=:Code2, Code2Desc=:Code2Desc, Code3=:Code3, Code3Desc=:Code3Desc WHERE UserID ='$UserID'";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':Code1', $_POST['Code1'], PDO::PARAM_STR);
$stmt->bindParam(':Code1Desc', $_POST['Code1Desc'], PDO::PARAM_STR);
$stmt->bindParam(':Code2', $_POST['Code2'], PDO::PARAM_STR);
$stmt->bindParam(':Code2Desc', $_POST['Code2Desc'], PDO::PARAM_STR);
$stmt->bindParam(':Code3', $_POST['Code3'], PDO::PARAM_STR);
$stmt->bindParam(':Code3Desc', $_POST['Code3Desc'], PDO::PARAM_STR);
$stmt->bindParam(':UpdateTime', $_POST['Update'], PDO::PARAM_STR);
$stmt->execute();
<input type="text" name="SupplierUpdate" id="SupplierUpdate" value="<?php echo $timestamp ?>">

Your input has name="SupplierUpdate", but I don't see you binding it with this name: you are using $_POST['Update'].

You may try to debug it like below...
if($conn){
$stmt = $conn->prepare($sql);
}
else{
echo "not connected";
}
Then, set your date format forcefully like,
$upd_tim = date('Y-m-d H:i:s', strtotime($_POST['Update']));
$stmt->bindParam(':UpdateTime', $upd_tim, PDO::PARAM_STR);
Then, after the execute(),
echo $stmt->rowCount();
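Added example (not part of the original question or answers): the same kind of UPDATE with every value bound, including UserID, which the question's query splices into the SQL string, and with the timestamp validated before it is stored. The function name updateSupplier, the reduced column set and the in-memory SQLite table are assumptions so the script runs without a MySQL server.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post): updates one supplier row.
function updateSupplier(PDO $conn, string $userId, array $post): int
{
    // Read the field under the name the form actually sends (SupplierUpdate).
    $raw = $post['SupplierUpdate'] ?? '';
    $ts  = is_string($raw) ? DateTimeImmutable::createFromFormat('!Y-m-d H:i:s', $raw) : false;
    // Reject anything that does not round-trip, e.g. "2024-02-31 00:00:00".
    if ($ts === false || $ts->format('Y-m-d H:i:s') !== $raw) {
        throw new InvalidArgumentException('SupplierUpdate is not a valid timestamp');
    }

    $stmt = $conn->prepare(
        'UPDATE Suppliers SET UpdateTime = :UpdateTime, Code1 = :Code1, Code1Desc = :Code1Desc
          WHERE UserID = :UserID'
    );
    // bindValue copies the value now; no PHP variable is spliced into the SQL text.
    $stmt->bindValue(':UpdateTime', $ts->format('Y-m-d H:i:s'), PDO::PARAM_STR);
    $stmt->bindValue(':Code1', (string) ($post['Code1'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':Code1Desc', (string) ($post['Code1Desc'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':UserID', $userId, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount();   // number of rows the UPDATE changed
}

// Constructed demo data; SQLite in memory stands in for the MySQL database.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE Suppliers (UserID TEXT PRIMARY KEY, UpdateTime TEXT, Code1 TEXT, Code1Desc TEXT)');
$conn->exec("INSERT INTO Suppliers VALUES ('1', NULL, '', ''), ('2', NULL, '', '')");

$post = ['SupplierUpdate' => '2024-05-01 10:00:00', 'Code1' => 'A1', 'Code1Desc' => 'Widgets'];
echo updateSupplier($conn, '1', $post), "\n";
// Constructed hostile-shaped id: as a bound value it is compared as one literal string.
echo updateSupplier($conn, "1' OR '1'='1", $post), "\n";
```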

Related

PDO: date not inserting, suggestions?

I'm trying to insert a date into the database using the following code, I get the following error: Error: SQLSTATE[22007]: Invalid datetime format: 7 ERROR: invalid input syntax for type date: ""
So the date is not being passed, yet I can return the date from the POST: echo $_SESSION['dateOpen']; this returns the date as 2014-06-01
I'm a bit of a noob, so any suggestions are welcome. Using postgresql database.
try {
$sql2 = "INSERT INTO excavation.contexts_spatial
(area_easting,
area_northing,
context_number,
open_date,
close_date,
excavation_method,
contamination,
zooarchaeology_comments,
ceramic_comments) VALUES (
:area_easting,
:area_northing,
:context_number,
:open_date,
:close_date,
:excavation_method,
:contamination,
:zooarchaeology_comments,
:ceramic_comments)";
$stmt2 = $conn->prepare($sql2);
// prepare sql and bind parameters
$stmt2->bindParam(':area_easting', $area_easting, PDO::PARAM_INT);
$stmt2->bindParam(':area_northing', $area_northing, PDO::PARAM_INT);
$stmt2->bindParam(':context_number', $nextContext, PDO::PARAM_INT);
$stmt2->bindParam(':open_date', $open_date, PDO::PARAM_STR);
$stmt2->bindParam(':close_date', $close_date, PDO::PARAM_STR);
$stmt2->bindParam(':excavation_method', $excavation_method, PDO::PARAM_STR);
$stmt2->bindParam(':contamination', $contamination, PDO::PARAM_STR);
$stmt2->bindParam(':zooarchaeology_comments', $excavation_method, PDO::PARAM_STR);
$stmt2->bindParam(':ceramic_comments', $excavation_method, PDO::PARAM_STR);
// insert a row
$area_easting = $_SESSION['area_easting'];
$area_northing = $_SESSION['area_northing'];
$nextContext = $_SESSION['nextContext'];
$open_date = $_SESSION['dateOpen'];
$close_date = $_SESSION['dateClose'];
$excavation_method = $_SESSION['excavationMethod'];
$contamination = $_SESSION['contamination'];
$zooarchaeology_comments = $_SESSION['zooarchaeologyComments'];
$ceramic_comments = $_SESSION['ceramicComments'];
$stmt2->execute();
echo "New records created successfully in contexts spatial<br />";
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
You are executing the query twice: Once before you assign your session variables to the parameters you have bound in the query and once after.
You need to remove the first $stmt2->execute(); statement.

PHP Prepare statement error

Fatal error: Call to a member function prepare() on a non-object in /home/melazabi/public_html/assigment/The/include/process.php on line 15
// check if the username exists in the database
// line 15 is the one below:
$statement = $conn->prepare("select * from users where username=? AND password=?");
// the prepared statement is to try to stop SQL injection
$statement->bindParam(1, $un);
$statement->bindParam (2, $pw);
$statement->execute();
As per what you have shown in your comment:
You're using a mysql_* based connection
$conn = mysql_connect('localhost','admin','admin') or die("error2"); mysql_select_db("admin") or die("error");
with a PDO query.
You need to use: (replace with actual DB credentials)
$dbname = 'admin';
$username = 'admin';
$password = 'admin';
$conn = new PDO("mysql:host=localhost;dbname=$dbname", $username, $password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
The error is telling you that your query failed, for any number of reasons:
Your db connection failed, either an authentication problem or a complete failure to connect.
Your params are not defined correctly.
You can debug this with:
print_r($statement->errorInfo());
This will give you the error that was returned by SQL.
Also make sure the variables are set. If I were to guess, not having seen the rest of your code, you probably want $_POST['un'] and $_POST['pw'].
echo $un;
echo $pw;
edit
connect to db:
$conn = new PDO('mysql:host=SERVERADDRESS;dbname=DBNAME;charset=utf8', 'USERNAME', 'PASSWORD');
then your query
$statement = $conn->prepare("select * from users where username=? AND password=?");
// the prepared statement is to try to stop SQL injection
$statement->bindParam(1, $un);
$statement->bindParam (2, $pw);
$statement->execute();

arbitrary value from checkbox causes hard time executing SQL statement on PDO

Sirs! I have a php script that handles multiple row update with PDO.
I want to add a checkbox that updates my database specific column by timestamp 30days from now if ticked.
The problem is ofc, when it is not ticked, there would be no value sent to its key, so I would end up with: It returns this error
Uncaught exception 'PDOException' with message SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use...
So I'm asking for help if there's turn around for this, here is my PHP code:
if (isset($_POST['submit'])) {
$stmt = $db->prepare("UPDATE `$tbl_name` SET `ssl`=:ssl, `exp`=:exp, `country`=:country, WHERE id=:id");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->bindParam(':ssl', $ssl, PDO::PARAM_STR);
$stmt->bindParam(':exp', $exp, PDO::PARAM_STR);
$stmt->bindParam(':country', $country, PDO::PARAM_STR);
foreach ($_POST['ssl'] as $id => $ssl) {
if(isset($_POST['thirtydays'][$id])){
$exp = $_POST['thirtydays'][$id];
}
$country = $_POST['country'][$id];
$stmt->execute();
}
echo '<h1>Updated the records.</h1>';
}
exp is the timestamp column. Here is the checkbox as HTML:
<input type="checkbox" name="thirtydays[80]" value="2014-02-04 04:04:53">
<input type="text" name="country[80]" value="DE" />
<input type="text" name="ssl[80]" value="false"/>
Note the structure: thirtydays[$id], the timestamp in value is generated by date( "Y-m-d H:i:s",strtotime("+30 days"))
Hope somebody can help me. Thanks in advance and more power.
$exp=''; $country=''; $ssl='';
if (isset($_POST['submit'])) {
$stmt = $db->prepare("UPDATE `$tbl_name` SET `ssl`=:ssl, `exp`=:exp, `country`=:country WHERE id=:id");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->bindParam(':ssl', $ssl, PDO::PARAM_STR);
$stmt->bindParam(':exp', $exp, PDO::PARAM_STR);
$stmt->bindParam(':country', $country, PDO::PARAM_STR);
foreach ($_POST['ssl'] as $id => $ssl) {
if(isset($_POST['thirtydays'][$id])){ $exp = $_POST['thirtydays'][$id]; }
$country = $_POST['country'][$id];
$stmt->execute();
}
echo '<h1>Updated the records.</h1>';
}
The query is executed only when the checkbox is checked, because of if (isset($_POST['thirtydays'][$id])).
Also, you set the $exp variable after you bind it to the statement.
The same goes for the $country variable.
if (isset($_POST['submit'])) {
$stmt = $db->prepare("UPDATE `$tbl_name` SET `ssl`=:ssl, `exp`=:exp, `country`=:country WHERE id=:id");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->bindParam(':ssl', $ssl, PDO::PARAM_STR);
foreach ($_POST['ssl'] as $id => $ssl) {
if(isset($_POST['thirtydays'][$id])){
$exp = $_POST['thirtydays'][$id];
} else {
$exp = '';
}
$country = $_POST['country'][$id];
$stmt->bindParam(':exp', $exp, PDO::PARAM_STR);
$stmt->bindParam(':country', $country, PDO::PARAM_STR);
$stmt->execute();
}
echo '<h1>Updated the records.</h1>'; }
You have a comma just before WHERE in your statement. This may be the problem.
To all who wonder (probably) what's actually wrong with the OP's code: inside the UPDATE `$tbl_name` SET `ssl`=:ssl, `exp`=:exp, `country`=:country, WHERE id=:id, the comma before WHERE is a syntax error. That's all.
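Added example (not code from the thread): one way to run the per-row update with the table name checked against a fixed list, since an identifier such as $tbl_name cannot be bound, and with the expiry computed on the server when the box is ticked. The helper updateRows, the table names, and the choice to keep the old exp for unticked rows are assumptions; in-memory SQLite stands in for MySQL.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): updates every submitted row.
function updateRows(PDO $db, string $table, array $post, DateTimeImmutable $now): int
{
    // Identifiers cannot be bound, so accept the table name only from a fixed list.
    if (!in_array($table, ['servers', 'servers_archive'], true)) {   // assumed names
        throw new InvalidArgumentException('unknown table');
    }
    // A NULL :exp leaves the stored value untouched (assumed behaviour for unticked rows).
    $stmt = $db->prepare(
        "UPDATE `$table` SET `ssl` = :ssl, `exp` = COALESCE(:exp, `exp`), `country` = :country
          WHERE id = :id"
    );
    $changed = 0;
    foreach ($post['ssl'] ?? [] as $id => $ssl) {
        if (filter_var($id, FILTER_VALIDATE_INT) === false) {
            continue;                      // ignore keys that are not integer ids
        }
        // Only the tick is read from the request; the date is computed server-side.
        $exp = isset($post['thirtydays'][$id])
            ? $now->modify('+30 days')->format('Y-m-d H:i:s')
            : null;
        // Values are bound inside the loop, after they have been assigned.
        $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
        $stmt->bindValue(':ssl', (string) $ssl, PDO::PARAM_STR);
        $stmt->bindValue(':exp', $exp, $exp === null ? PDO::PARAM_NULL : PDO::PARAM_STR);
        $stmt->bindValue(':country', (string) ($post['country'][$id] ?? ''), PDO::PARAM_STR);
        $stmt->execute();
        $changed += $stmt->rowCount();
    }
    return $changed;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE servers (id INTEGER PRIMARY KEY, `ssl` TEXT, `exp` TEXT, country TEXT)');
$db->exec("INSERT INTO servers VALUES (80, 'true', '2014-01-01 00:00:00', 'US'), (81, 'true', '2014-01-01 00:00:00', 'US')");
$post = [
    'ssl'        => [80 => 'false', 81 => 'false'],
    'country'    => [80 => 'DE', 81 => 'FR'],
    'thirtydays' => [80 => 'on'],          // row 81 was left unticked
];
updateRows($db, 'servers', $post, new DateTimeImmutable('2014-01-05 04:04:53'));
print_r($db->query('SELECT * FROM servers')->fetchAll(PDO::FETCH_ASSOC));
```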

PDO: How can I run multiple prepared statements in a transaction?

Using PDO, I am trying to run two prepared statements within a transaction. I only want the second prepared statement to run if the first one executes successfully and vice versa.
//Open Database Connection
$dbh = new PDO("mysql:host=$host;dbname=$dbname", $user, $pwd);
//Set Error Handling
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//Run First Prepared Statement
$sql = 'UPDATE listers SET
first_name = :first_name,
last_name = :last_name,
address = :address,
apt = :apt,
city = :city,
state = :state,
zip_1 = :zip_1,
phone_prefix = :phone_prefix,
phone_first = :phone_first,
phone_last = :phone_last
WHERE lister_id = :lister_id';
try {
$dbh->beginTransaction();
$result = $dbh->prepare($sql);
$result->bindParam(':first_name', $_POST['first_name'], PDO::PARAM_STR);
$result->bindParam(':last_name', $_POST['last_name'], PDO::PARAM_STR);
$result->bindParam(':address', $_POST['address'], PDO::PARAM_STR);
$result->bindParam(':apt', $_POST['apt'], PDO::PARAM_STR);
$result->bindParam(':city', $_POST['city'], PDO::PARAM_STR);
$result->bindParam(':state', $_POST['state'], PDO::PARAM_STR);
$result->bindParam(':zip_1', $_POST['zip_1'], PDO::PARAM_INT);
$result->bindParam(':phone_prefix', $phone_1_prefix, PDO::PARAM_INT);
$result->bindParam(':phone_first', $phone_1_first, PDO::PARAM_INT);
$result->bindParam(':phone_last', $phone_1_last, PDO::PARAM_INT);
$result->bindParam(':lister_id', $_GET['lister_id'], PDO::PARAM_INT);
$result->execute();
//Run Second Prepared Statement
$current_date = time(); //Current Date/time in Unix format
$sql = 'INSERT INTO hidddstory_details SET
history_id = :history_id,
listing_type = "lister",
date_added = :date_added,
listing_id = :listing_id';
$result = $dbh->prepare($sql);
$result->bindParam(':history_id', $account_edited_admin, PDO::PARAM_INT);
$result->bindParam(':date_added', $current_date, PDO::PARAM_INT);
$result->bindParam(':listing_id', $row['lister_id'], PDO::PARAM_INT);
$result->execute();
$dbh->commit();
} catch(PDOException $e) {
$error = '<div id="error"><p class="error_message">The account could not be edited due to a system error. We apologize for any inconvenience.</p></div>';
$dbh->rollBack();
echo errorHandle($e);
}
When I load the page without any syntax errors, it runs the prepared statements correctly. When I purposefully add some letters to the history_details table name, as you can see above, it displays the error message relating to the incorrect table name, as it should. Unfortunately though, it doesn't rollback the first prepared statement, so when I check the listers table, it has actually updated that table, which it shouldn't.
How can I run multiple prepared statements in a transaction?
Examine the storage engine for the table you are trying to perform transactions on to ensure that it in fact supports transactions. As far as I know, InnoDB is the only format that currently supports transactions. Engines that do not support transactions will silently do nothing; no errors will be issued, nor will any rollback be done.
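Added example (not from the original thread): the two statements in one transaction, preceded by the storage-engine check the answer recommends. nonInnoDbTables and editLister are hypothetical helpers, the schema is reduced, and the demo runs on in-memory SQLite, where the engine check is skipped.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: on MySQL, report tables whose engine is not InnoDB.
function nonInnoDbTables(PDO $dbh, array $tables): array
{
    if ($dbh->getAttribute(PDO::ATTR_DRIVER_NAME) !== 'mysql') {
        return [];   // the engine check only applies to MySQL
    }
    $stmt = $dbh->prepare('SELECT ENGINE FROM information_schema.TABLES WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = :t');
    $bad = [];
    foreach ($tables as $t) {
        $stmt->execute([':t' => $t]);
        $engine = $stmt->fetchColumn();
        if ($engine !== 'InnoDB') {
            $bad[$t] = $engine;
        }
    }
    return $bad;
}

// Hypothetical helper: both statements commit together or not at all.
function editLister(PDO $dbh, int $listerId, string $firstName, ?int $historyId): bool
{
    if (nonInnoDbTables($dbh, ['listers', 'history_details']) !== []) {
        throw new RuntimeException('a table uses an engine without rollback support');
    }
    try {
        $dbh->beginTransaction();
        $up = $dbh->prepare('UPDATE listers SET first_name = :fn WHERE lister_id = :id');
        $up->execute([':fn' => $firstName, ':id' => $listerId]);
        $in = $dbh->prepare('INSERT INTO history_details (history_id, listing_type, date_added, listing_id)
                             VALUES (:h, :type, :added, :id)');
        $in->execute([':h' => $historyId, ':type' => 'lister', ':added' => time(), ':id' => $listerId]);
        return $dbh->commit();
    } catch (PDOException $e) {
        if ($dbh->inTransaction()) {
            $dbh->rollBack();   // undo the UPDATE when the INSERT fails
        }
        return false;
    }
}

// Constructed demo on in-memory SQLite, which is transactional.
$dbh = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$dbh->exec('CREATE TABLE listers (lister_id INTEGER PRIMARY KEY, first_name TEXT)');
$dbh->exec('CREATE TABLE history_details (history_id INTEGER NOT NULL, listing_type TEXT, date_added INTEGER, listing_id INTEGER)');
$dbh->exec("INSERT INTO listers VALUES (7, 'Old')");
var_dump(editLister($dbh, 7, 'New', null));   // second statement violates NOT NULL
var_dump($dbh->query('SELECT first_name FROM listers')->fetchColumn());
```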

Call a stored procedure with the same name using PDO

I have two stored procedures in my Postgres database; both have the same name, but the difference is the parameters.
procedure1(::string, ::integer, ::string, ::integer)
procedure1(::string, ::integer, ::integer)
In PDO the bindParam calls are correct, passing STR, INT, INT, but the prepare always performs procedure1.
How do I get it to understand that I am calling procedure2?
Is more information needed to help? Am I clear? Thanks.
EDIT ===
...
$bounds = null; // forced for debug
if(!is_null($bounds)){
$query = "SELECT procedure1(:name, :domain, :geo, :userid)";
$stmt = $db->prepare($query);
$stmt->bindParam('name', $name, PDO::PARAM_STR);
$stmt->bindParam('domain', $idDomain, PDO::PARAM_INT);
$stmt->bindParam('geo', $geoString, PDO::PARAM_STR);
$stmt->bindParam('userid', $userId, PDO::PARAM_INT);
}else{
$query = "SELECT procedure1(:name, :domain, :userid)";
$stmt = $db->prepare($query);
$stmt->bindParam('name', $name, PDO::PARAM_STR);
$stmt->bindParam('domain', $idDomain, PDO::PARAM_INT);
$stmt->bindParam('userid', $userId, PDO::PARAM_INT);
}
$result = $stmt->execute();
...
The error it gives is that it is running a procedure that requires four parameters.
Try changing your $query statements to explicitly tell PDO the types, and to avoid extra code switch to bindValue (PDO uses the PARAM flags to format SQL, not to cast data types):
$bounds = null; // forced for debug
if(!is_null($bounds)){
$query = "SELECT procedure1(:name::VARCHAR, :domain::INTEGER, :geo::VARCHAR, :userid::INTEGER)";
$stmt = $db->prepare($query);
$stmt->bindValue('name', $name);
$stmt->bindValue('domain', $idDomain);
$stmt->bindValue('geo', $geoString);
$stmt->bindValue('userid', $userId);
}else{
$query = "SELECT procedure1(:name::VARCHAR, :domain::INTEGER, :userid::INTEGER)";
$stmt = $db->prepare($query);
$stmt->bindValue('name', $name);
$stmt->bindValue('domain', $idDomain);
$stmt->bindValue('userid', $userId);
}
$result = $stmt->execute();
