For the last 5 hours I've been trying to figure out why this form won't insert data into MySQL when it seems to be correct.
Form
<form action="insertComment.php" method="POST">
<input type="hidden" name="article_id" value="<?php echo $article_uid;?>">
<input type="text" name="name" placeholder="Enter your name" required/>
<input type="email" name="email" placeholder="Enter your email" required/>
<textarea type="text" name="comment" placeholder="Join the discussion..." required></textarea>
<input type="submit" class="submit" value="Submit Comment"/>
</form>
then on comment.php
include '../../../libraries/phpClass/commentClass.php';
$commentClass = new commentClass();
if(isset($_POST['name']) AND isset($_POST['email']) AND isset($_POST['comment']) AND isset($_POST['article_id']))
{
$name = $_POST['name'];
$email = $_POST['email'];
$comment = $_POST['comment'];
$article_id = $_POST['article_id'];
$data = $commentClass->insertComment($name, $email, $comment, $article_id);
}
and this is the public function..
public function insertComment($name, $email, $comment, $article_id)
{
$sth = $this->db->prepare("INSERT INTO articles_comment(name, email, comment, article_id) VALUES (:name, :email, :comment, :article_id)");
$sth->execute(array(
':name' => $name,
':email' => $email,
':comment' => $comment,
':article_id' => $article_id
));
}
from what I can see there isn't anything wrong and I haven't been able to see anything why it wouldn't insert the values.. there are no errors whatsoever either..
Related
Iam trying to update my form fields with a simple update statement. However when I execute the statement it wont update.
Iam using PDO::FECTH_CLASS to store my values into my object, and thats how I check if the id is equal to the id I want to update.
This is my code:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
try{
$firstname = $_POST['firstname'];
$paragraph = $_POST['paragraph'];
$company = $_POST['companyName'];
$q = 'UPDATE `testimonials` SET paragraph`= :paragraph,
`name`= :name,
`company`=:company,
`dateAdded`= NOW()
WHERE `id` =:id';
$stmt = $pdo->prepare($q);
$stmt->execute(array( ':id' => $testimonials->getId(), ':paragraph' => $paragraph, ':name' => $firstname, ':company' => $company));
}catch( PDOException $Exception ) {
throw new MyDatabaseException( $Exception->getMessage( ) , (int)$Exception->getCode( ) );
}
}
?>
<section>
<form action="" method="POST">
<label for=""></label>
<input type="text" name="firstname" value="<?php echo $testimonials->getName();?>">
<input type="text" name="companyName" value="<?php echo $testimonials->getCompany(); ?>">
<textarea name="paragraph"><?php echo $testimonials->getParagraph(); ?></textarea>
<input type="submit" name="submit">
</form>
</section>
This is a project for school. I'm am trying to post to the database, but after I click on submit it comes back with an error about the line with bind_param:
Fatal error: Uncaught Error: Call to a member function bind_param() on boolean in /var/www/html/ticketsysteem/acties/nieuwTicket.php:42 Stack trace: #0 {main} thrown in /var/www/html/ticketsysteem/acties/nieuwTicket.php on line 42
Can somebody help me?
<?php
//var
$naam = trim($_POST["klantNaam"]);
$achternaam = trim($_POST["klantAchternaam"]);
$tel = trim($_POST["klantTel"]);
$adres = trim($_POST["klantAdres"]);
$postcode = trim($_POST["klantPostc"]);
$stad = trim($_POST["klantStad"]);
$email = trim($_POST["klantEmail"]);
//nieuwe klant
if (isset($_POST['submit1'])) {
$insertklant= $connectie->prepare("INSERT INTO klant klantAchternaam = $achternaam,
klantNaam = $naam, klantTel = $tel, klantAdres = $adres, klantPostc = $postcode,
klantStad = $stad, klantEmail = $email");
$insertklant->bind_param('sssssss', $achternaam, $naam, $tel, $adres, $postcode, $stad, $email);
if($insertklant->execute()) {
echo 'gelukt!';
}
}
?>
<form name="nieuwTicket" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
<button onclick="nieuwek()" type="button" id="nk" >nieuwe klant </button>
<label class="hidden01">naam:</label><input id="text1" type="text" name="klantNaam" class="hidden"/><br>
<label class="hidden01">achternaam:</label><input id="text1" type="text" name="klantAchternaam" class="hidden"/><br>
<label class="hidden01">adres:</label><input id="text1" type="text" name="klantAdres" class="hidden"/><br>
<label class="hidden01">postcode:</label><input id="text1" type="text" name="klantPostc" class="hidden"/><br>
<label class="hidden01">woonplaats:</label><input id="text1" type="text" name="klantStad" class="hidden"/><br>
<label class="hidden01">telefoonnummer:</label><input id="text1" type="text" name="klantTel" class="hidden"/><br>
<input type="submit" name="submit1" value="invoeren" class="hidden">
</form>
Learn how to use prepared statements and what they actually do:
<?php
$stmt = $connectie->prepare("
INSERT INTO klant
klantAchternaam = ?,
klantNaam = ?,
klantTel = ?,
klantAdres = ?,
klantPostc = ?,
klantStad = ?,
klantEmail = ?
");
if($stmt){
$stmt->bind_param('sssssss', $achternaam, $naam, $tel, $adres, $postcode, $stad, $email);
if($stmt->execute()) {
echo 'gelukt!';
}
}
?>
Your current code is wide open to sql injection, while the above code is fully secured against them. The whole idea of prepared statements is that you never have to concat user submitted values directly to the sql query.
I have the following form:
<h2>Sign the Register</h2>
<form action="sign.php" method="post">
<div><textarea name="firstName" rows="3" cols="60" placeholder="First Name..." required="true"></textarea></div>
<div><textarea name="surname" value="mickey" rows="3" cols="60" placeholder="Surname..." required="true"></textarea></div>
<div><textarea name="course" value="mickey" rows="3" cols="60" placeholder="Your Course..." required="true"></textarea></div>
<div><textarea name="subject" rows="3" cols="60" placeholder="Subject..." required="true"></textarea></div>
<div><textarea name="level" rows="3" cols="60" placeholder="Level: C, I, H, M..." required="true"></textarea></div>
<div><textarea name="date" rows="3" cols="60" placeholder="Date.." required="true"></textarea></div>
<div><textarea name="time" rows="3" cols="60" placeholder="Time.." required="true"></textarea></div>
<div><input type="submit" value="Sign Register"></div>
And sign.php is (the connection is fine):
{
if (array_key_exists('firstName', 'surname', 'course', 'subject', 'level', 'date', 'time', $_POST)) {
$stmt = $db->prepare('INSERT INTO entries (firstName, surname, course, subject, level, date, time) VALUES (:firstName, :surname, :course, :subject, :level, :date, :time)');
$stmt->execute(array(':firstName' => htmlspecialchars($_POST['firstName']),
':surname' => htmlspecialchars($_POST['surname']),
':course' => htmlspecialchars($_POST['course']),
':subject' => htmlspecialchars($_POST['subject']),
':level' => htmlspecialchars($_POST['level']),
':date' => htmlspecialchars($_POST['date']),
':time' => htmlspecialchars($_POST['time'])));
$affected_rows = $stmt->rowCount();
}
}
$db = null;
?>
And when that is executed the user is taken to a following page which has the following:
<?php
try {
// Show existing entries.
foreach($db->query('SELECT * from entries') as $row) {
echo "<div><strong>" . $row['firstName'] . "</strong> wrote <br> " . $row['course'] . "</div>";
}
} catch (PDOException $ex) {
echo "An error occurred in reading or writing to register.";
}
$db = null;
?>
But the problem is that none of the records are showing on the success page. I am using google app engine with cloud SQL database (the connection is fine). It is basically a form, the user fills in the form and then the data is sent to the cloud sql database. Also once the user submits the form, they are taken to a page which displays the information that is just been submitted. Any easier/better ways of doing this are welcome.
Thank you
array_key_exists expects only two parameters (key,array) you should split
if (array_key_exists('firstName', 'surname', 'course', 'subject', 'level', 'date', 'time', $_POST))
into multiple conditions
if(array_key_exists('firstName', $_POST) && array_key_exists('surname', $_POST) ... array_key_exists('time', $_POST))
Oke guys, i have a little problem about my codeignitter website, the problem display like this.
Fatal error: Call to a member function result() on a non-object in C:\xampp\htdocs\scbdnet\application\models\m_admin.php on line 88
The Code displayed like this :
Model
public function addUser()
{
$userid = $_POST['clientname'];
$userpassword = md5(12345);
$usernama = $_POST['completename'];
$useremail = $_POST['email'];
$usertelpon = $_POST['phone'];
$usernodesktop = $_POST['desktop'];
$usertypedesktop = $_POST['type'];
$usercompany = $_POST['company'];
$privilegeid = $_POST['level'];
$query=$this->db->query("INSERT INTO table_user (userId, userPassword, userName, userEmail, userTelp, userNoDesktop, userTypeDesktop, userCompany, fkPrivilegeId, userStatus)
VALUES ('$userid','$userpassword','$usernama','$useremail','$usertelpon','$usernodesktop','$usertypedesktop','$usercompany','$privilegeid','1');");
return $query->result(); //LINE 88
}
Controller
public function adduser_to_db(){
$this->load->model('m_admin');
$this->m_admin->addUser();
redirect('admin/user');
}
Views
<form action="<?php echo base_url();?>admin/adduser_to_db" method="POST" name="adduser" id="adduser">
<div class="row form-row">
<div class="col-md-12">
<input type="text" class="form-control" placeholder="New Username" name="clientname">
<input type="text" class="form-control" placeholder="Complete Name" name="completename">
<input type="text" class="form-control" placeholder="Email" name="email">
<input type="text" class="form-control" placeholder="Phone Ext." name="phone">
<input type="text" class="form-control" placeholder="Desktop no." name="desktop">
<input type="text" class="form-control" placeholder="Desktop type" name="type">
<input type="text" class="form-control" placeholder="Company" name="company">
<select id="level" style="width:100%" name="level">
<?php foreach($priv_list as $list){ ?>
<option value="<?php echo $list->privilegeId?>"><?php echo $list->privilegeStatus?></option><?php }?>
</select>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
<button type="submit" class="btn btn-primary" name="adduser" id="adduser" value="adduser">Save changes</button>
</div>
</form>
Any idea guys?
$query->result(); does not work here
try like this
public function addUser()
{
$userid = $_POST['clientname'];
$userpassword = md5(12345);
$usernama = $_POST['completename'];
$useremail = $_POST['email'];
$usertelpon = $_POST['phone'];
$usernodesktop = $_POST['desktop'];
$usertypedesktop = $_POST['type'];
$usercompany = $_POST['company'];
$privilegeid = $_POST['level'];
$query=$this->db->query("INSERT INTO table_user (userId, userPassword, userName, userEmail, userTelp, userNoDesktop, userTypeDesktop, userCompany, fkPrivilegeId, userStatus)
VALUES ('$userid','$userpassword','$usernama','$useremail','$usertelpon','$usernodesktop','$usertypedesktop','$usercompany','$privilegeid','1');");
if($query){
return true;
}else{
return flase;
}
}
You can't use $query->result(); in insert query as it does not populate any result. It works only on select queries.
but if you want to get last insert id then you can use insert_id() as
$insertid = $this->db->insert_id();
You can use active record to insert data in table
$data = array(
'userId' => $_POST['clientname'] ,
'userPassword' => md5(12345) ,
'userName' => $_POST['completename'],
..... for all your column data
);
//then insert into table
$this->db->insert('table_user ', $data);
input formcode is
<form method="post" action="display.php" id="register-form" name="register-form" onsubmit="function() return false;">
<center> First Name :<pre> <input type = "text" name="firstname" value="" ></pre><br>
Last Name:<pre><input type="text" name = "lastname" value="" ></pre><br>
State:<pre><input type="text" name = "state" value="" ></pre><br>
City:<pre><input type="text" name = "city" value="" ></pre><br>
Mobile No:
<pre>
<input type="tel" id = "mobileno" name = "mobileno" data-validation="number" value="" ></pre><br>
Gender :<pre><ul type="none">
<li>Male: <input type="radio" name="icheck" value="Male">
Female: <input type="radio" name="icheck" value="Female" checked></li></ul></pre>
<input type="submit" name="add" value="ADD" formaction="add.php">
<input type="submit" name="delete" value="DELETE">
<input type="submit" name= "update" value="UPDATE" formaction="display.php"> </center>
</form>
add.php(file)(inserting values from the form)
include("dbconnect.php");//database connect
$firstname =$_POST['firstname'];
$lastname = $_POST['lastname'];
$state = $_POST['state'];
$city = strip_tags($_POST['city']);
$gender = strip_tags($_POST['icheck']);
$mobileno = (int) $_POST['mobileno'];
$query = "INSERT INTO user(LastName,FirstName,State,City,MobileNo,Gender) VALUES(?,?,?,?,?,?)";
$stmt=mysqli_prepare($dbc,$query) or die(mysqli_error());
$bind='ssssis';
mysqli_stmt_bind_param($stmt,$bind,$lastname,$firstname,$state,$city,$mobileno,$gender);
mysqli_stmt_execute($stmt);
if (mysqli_stmt_affected_rows($stmt) ==
1) {
echo '<p>Your message has been
posted.</p>';
} else {
echo '<p style="font-weight: bold;
color: #C00">Your message could not
be posted.</p>';
echo '<p>' . mysqli_stmt_error($stmt) .
'</p>';
}
// Close the statement:
mysqli_stmt_close($stmt);
mysqli_close($dbc);
entered value for mobileno is 7878787878 and in database it shows 2147483647
second time i entered value is 8787878787 and it shows same value.
So the code only shows error of dimatch mobile number.
Thank you!!
Parameters mismatching and remove int in front of post mobile number
$query = "INSERT INTO user(LastName,FirstName,State,City,MobileNo,Gender) VALUES(?,?,?,?,?,?)";
mysqli_stmt_bind_param($stmt, $bind, $lastname, $firstname, $state, $city, $mobileno, $gender);
change
$bind = 'ssssis';
to
$bind = 'ssssds';