PHP bind parm always showing error - php

This is the code that is not working. Error: Parse error: syntax error, unexpected '$age' (T_VARIABLE) in... directory.
$name = trim($_POST['name']);
$age = trim($_POST['age']);
$insert= $db->prepare("INSERT INTO data (age, name, created) VALUES (?, ?, NOW())");
$insert->bind_param('is' $age, $name);
if($insert->execute()){
echo 'record added';
die();
}

I believe you are not following PDO rules to prepare and execute any query.
Refer to the following URL:
PDO::prepare
I hope this will help you.

You are missing a , after the type specification chars ('is'):
$insert->bind_param('is' $age, $name);
should be :
$insert->bind_param('is',$age, $name);
All parameters should be separated by ,

You are mixing mysqli code with PDO
$name = trim($_POST['name']);
$age = trim($_POST['age']);
$insert= $db->prepare("INSERT INTO data (age, name, created) VALUES (?, ?, NOW())");
$insert->bindParam(1, $age, PDO::PARAM_INT);
$insert->bindParam(2, $name, PDO::PARAM_STR, 12); // Change 12 to suit
if ($insert->execute()) {
    echo 'record added';
}

Related

How to Solve Problem In Post request in Phpmyadmin with flutter

Everything is working fine, no error. But I don't know why data is not posted to my database.
I'm new to Flutter so I need these code using tutorials. The GET method is working fine but the POST method is not working.
On localhost the code was working. Now I have hosted this project's database on the server.
This is my database file, Create.php:
<?php
include "db.php";
$name = isset($_POST['name']) ? $_POST['name'] : '';
$desciption = isset($_POST['desciption']) ? $_POST['desciption'] : '';
$addr = isset($_POST['addr']) ? $_POST['addr'] : '';
$image_url = isset($_POST['image_url']) ? $_POST['image_url'] : '';
$price = isset($_POST['price']) ? $_POST['price'] : '';
$stmt = $db->prepare("INSERT INTO house (name, desciption,addr,image_url,price) VALUES (?, ?,?,?, ?)");
$result = $stmt->execute([$name, $desciption,$addr,$image_url,$price]);
echo json_encode($result);
When I click the Submit button, the error I get is this:
API response
I need your support. I am posting the question again because it has not been solved for the past 8 days.
Thanks in advance
$stmt = $db->prepare("INSERT INTO house (name, desciption,addr,image_url,price) VALUES (?, ?,?,?, ?)");
$result = $stmt->execute([$name, $desciption,$addr,$image_url,$price]);
In this section you should also bind the parameters, because you are using prepared statements.
$stmt = $db->prepare("INSERT INTO house (name, desciption,addr,image_url,price) VALUES (?, ?,?,?, ?)");
$stmt->bind_param("sssss", $name, $desciption, $addr, $image_url, $price);
// s means string so if the price is not string you can change it to integer (i) or double (d)
$result = $stmt->execute();
If this does not work please change bind_param part to:
$stmt->bindParam(1, $name, PDO::PARAM_STR);
$stmt->bindParam(2, $desciption, PDO::PARAM_STR);
$stmt->bindParam(3, $addr, PDO::PARAM_STR);
$stmt->bindParam(4, $image_url, PDO::PARAM_STR);
$stmt->bindParam(5, $price, PDO::PARAM_STR);
And you have a typo in desciption; it should be "description".

Mysqli bind parameters not working

I'm trying to use prepared statements to enter data in a database. The unprepared statement works but this prepared statement does not. I can't find out why.
Prepared version:
$stmt = $mysqli->prepare("INSERT INTO videos (file_name, upload_by, date, path)
VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $newstring, $id, $date->format('Y-m-d'), $location);
$stmt->execute();
Unprepared version:
$sql = "INSERT INTO videos (file_name, upload_by, date, path) VALUES ('$newstring', '$id', '
$date', 'Nominator/$location$newstring')";
mysqli_query($mysqli, $sql);
Replace $stmt-execute(); with $stmt->execute();
Also, don't use date and path in query. Rename them with some other name like date1 and path1.
Update your Query like below that will surely work (Tested Offline):
<?php
$mysqli = new mysqli('localhost', 'root', '', 'test2');
if ($mysqli->connect_errno) {
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
$stmt = $mysqli->prepare("INSERT INTO videos (file_name, upload_by, date1, path1) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $file_name, $upload_by, $date1, $path1);
$date1 = date("Y-m-d");
$file_name = "test.jpg";
$upload_by = "amit";
$path1 = "test";
if ($result = $stmt->execute()){
echo "success";
$stmt->free_result();
} else {
echo "error";
}
$stmt->close();
?>
You are binding your parameter twice. If you are using only ?, don't bind the parameter again, just execute directly.
//Prepare your query first
$stmt = $mysqli->prepare("INSERT INTO videos (file_name, upload_by, date, path)
VALUES (?, ?, ?, ?)");
//Just pass your arguments and execute directly without binding the parameters (the parameters are bound already)
//mysqli_stmt::execute() takes the values as a single array (PHP 8.1 and later)
$stmt->execute([$newstring, $id, $date->format('Y-m-d'), $location]);

Mysqli INSERT with $_POST

I have been ripping my hair out for days over this problem, so any helpful advice would be appreciated. Calling the following function returns nothing. The POST values are set (they print with echo) and the database lets me update and extract with other functions. What am I missing?
Oh yea, all the values are strings.
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES (?,?,?)");
$stmt->bind_param("sss", $_POST['name'], $_POST['layout'], $_POST['page_id']);
$stmt->execute();
$stmt->close();
At a glance, there is nothing wrong with this code (in case you are indeed using mysqli). So, the only way to get to know what is going wrong is to get the error message.
Add this line before connect
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
and make sure you can see PHP errors
Try this
$sql = "INSERT INTO content_page (name, layout, page_id) VALUES (?,?,?)";
if (!$stmt = $db->prepare($sql)) {
die($db->error);
}
$stmt->bind_param("ssi", $_POST['name'], $_POST['layout'], $_POST['page_id']);
if (!$stmt->execute()) {
die($stmt->error);
}
$stmt->close();
Or, if, as you said, all your values are strings (given, they are as well defined as varchars/something similar in your database), you can still bind_param("sss"...
Aren't page_ids integers? Since the asker first tagged the question as PDO, here is the PDO version:
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES (:name,:layout,:pid)");
$stmt->bindParam(':name', $_POST['name'], PDO::PARAM_STR);
$stmt->bindParam(':layout', $_POST['layout'], PDO::PARAM_STR);
$stmt->bindParam(':pid', $_POST['page_id'], PDO::PARAM_INT);
$stmt->execute();
Or (MySQLi):
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES (?,?,?)");
$stmt->bind_param("ssi", $_POST['name'], $_POST['layout'], $_POST['page_id']);
$stmt->execute();
Or (PDO) :
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES (?,?,?)");
$stmt->execute(array($_POST['name'], $_POST['layout'], $_POST['page_id']));
Here you are:
$name = $_POST['name'];
$layout = $_POST['layout'];
$page_id= $_POST['page_id'];
$stmt = $db->prepare("INSERT INTO content_page (name, layout, page_id) VALUES ('".$name."','".$layout."','".$page_id."')");

sql syntax error with pro statement inserting row

I am using following code to insert a row in database. I always get ERROR
{"error":"SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show) VALUES('A E Jewelers','Quintin','Schmidt','131 South Rolling Meadows Dr.',' at line 1"}
Here is my query
xxx/webservice/api.php?action=addStore&name=A%20E%20Jewelers&firstname=Quintin&lastname=Schmidt&address=131%20South%20Rolling%20Meadows%20Dr.&city=Fond%20du%20Lac&state=WI&country=USA&zip=54935&phone=(920)%20933%203601%0A&fax=(920)%20486-1734&email=Diadori#aejewelers.com&latitude=43.775931&longitude=-88.482894&website=www.aejewelers.com&show=1
function AddStore()
{
$name = trim($_REQUEST['name']);
$firstname = trim($_REQUEST['firstname']);
$lastname = trim($_REQUEST['lastname']);
$address = trim($_REQUEST['address']);
$city = trim($_REQUEST['city']);
$state = trim($_REQUEST['state']);
$country = trim($_REQUEST['country']);
$zip = trim($_REQUEST['zip']);
$phone = trim($_REQUEST['phone']);
$fax = trim($_REQUEST['fax']);
$email = trim($_REQUEST['email']);
$latitude = trim($_REQUEST['latitude']);
$longitude = trim($_REQUEST['longitude']);
$website = trim($_REQUEST['website']);
$show = 1;
return $show;
$insert_id = 0;
try {
$conn = $this->GetDBConnection();
$statement = $conn->prepare('INSERT INTO stores( name, firstname, lastname, address, city, state, country, zip, phone, fax, email, latitude,longitude, website,show) VALUES(:name,:firstname,:lastname,:address,:city,:state,:country,:zip,:phone,:fax, :email, :phone, :zip)');
$statement->bindParam(':name', $name, PDO::PARAM_STR);
$statement->bindParam(':firstname', $firstname, PDO::PARAM_STR);
$statement->bindParam(':lastname' , $lastname, PDO::PARAM_STR);
$statement->bindParam(':address', $address, PDO::PARAM_STR);
$statement->bindParam(':city', $city, PDO::PARAM_STR);
$statement->bindParam(':state', $state, PDO::PARAM_STR);
$statement->bindParam(':country', $country, PDO::PARAM_STR);
$statement->bindParam(':zip', $zip, PDO::PARAM_STR);
$statement->bindParam(':phone', $phone, PDO::PARAM_STR);
$statement->bindParam(':fax' , $fax, PDO::PARAM_STR);
$statement->bindParam(':email' , $email, PDO::PARAM_STR);
$statement->bindParam(':latitude' , $latitude, PDO::PARAM_STR);
$statement->bindParam(':longitude', $longitude, PDO::PARAM_STR);
$statement->bindParam(':website' , $website, PDO::PARAM_STR);
$statement->bindParam(':show' , $show, PDO::PARAM_INT);
$statement->execute();
$insert_id = $conn->lastInsertId();
$conn = null;
} catch(PDOException $e) {
throw $e;
}
return $insert_id;
}
Replace the column name show with `show`
INSERT INTO stores(
name, firstname, lastname, address, city, state,
country, zip, phone, fax, email, latitude,longitude,
website,`show`)
VALUES (:name,:firstname,:lastname,:address,:city,
:state,:country,:zip,:phone,:fax, :email,
:latitude, :longitude, :website, :show)
The word show is a keyword in SQL
It's good practice to always wrap field names and table names in backticks ` to prevent this common "gotcha" with accidentally using a reserved keyword. There are an amazing number of reserved words in SQL, so it's probably easier just to backtick names rather than remembering to check each field or table name used.
I take it you have confirmed that none of the values are empty/null or have embedded spaces, quotes, or commas? Does the PDO library take care of escaping quotes (e.g., Mrs. O'Leary's Cow) and wrapping the data in quotes?
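
Added example (not from any of the posts above): the closing question about whether PDO handles quotes, and the earlier content_page answer that concatenates $_POST values into the SQL string, are both settled by running the same value through each path. It assumes the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for MySQL; the function names and the $post array are constructed for the demo.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the MySQL content_page table.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE content_page (name TEXT, layout TEXT, page_id INTEGER)');

// Constructed stand-in for $_POST.
$post = ['name' => "Mrs. O'Leary's Cow", 'layout' => 'two-column', 'page_id' => '7'];

// Hypothetical helper: builds the statement the way the concatenating answer does.
function insertConcatenated(PDO $db, array $in): string
{
    // The values become part of the SQL text, so an apostrophe in the data
    // is parsed as the end of a string literal.
    $sql = "INSERT INTO content_page (name, layout, page_id) VALUES ('"
         . $in['name'] . "','" . $in['layout'] . "','" . $in['page_id'] . "')";
    try {
        $db->prepare($sql)->execute();
        return 'inserted';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Hypothetical helper: same insert with placeholders and typed bindings.
function insertBound(PDO $db, array $in): string
{
    $stmt = $db->prepare('INSERT INTO content_page (name, layout, page_id) VALUES (?, ?, ?)');
    $stmt->bindValue(1, $in['name'], PDO::PARAM_STR);
    $stmt->bindValue(2, $in['layout'], PDO::PARAM_STR);
    $stmt->bindValue(3, (int) $in['page_id'], PDO::PARAM_INT);
    $stmt->execute();
    return 'inserted';
}

echo insertConcatenated($db, $post), PHP_EOL;
echo insertBound($db, $post), PHP_EOL;
// Read back what was actually stored by the bound insert.
echo $db->query('SELECT name FROM content_page')->fetchColumn(), PHP_EOL;
```

The concatenated call is rejected with a syntax error because the apostrophe in the name ends the string literal early, which is the same parsing behaviour SQL injection relies on. The bound call stores the name unchanged, with no manual quoting or escaping in the application code.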

PHP Fatal error: Call to a member function bind_param()

I've gone over this script like 30 times, and I can't for the life of me find my problem. Here is the code:
function redeem() {
$case = $_POST["case"];
$name = $_POST["name"];
$profession = $_POST["profession"];
$city = $_POST["city"];
$country = $_POST["country"];
$totalpercent = $_POST["totalpercent"];
$pretest = $_POST["pretest"];
$posttest = $_POST["posttest"];
$investigationspercent = $_POST["investigationspercent"];
$timesreset = $_POST["timesreset"];
$creditsspent = $_POST["creditsspent"];
$timescompleted = $_POST["timescompleted"];
//Add the information to the learnent_cases_leaderboard table
$stmt = $this->db->prepare("INSERT INTO learnent_cases_leaderboard (case, name, profession, city, country, totalpercent, pretest, posttest, investigationspercent, creditsspent, timescompleted, timesreset, timestamp) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP)");
$stmt->bind_param("sssssiiiiiii", $case, $name, $profession, $city, $country, $totalpercent, $pretest, $posttest, $investigationspercent, $creditsspent, $timescompleted, $timesreset); //the quotations specify the type of variable;
//See http://php.net/manual/en/mysqli-stmt.bind-param.php for more information on bind_param
$stmt->execute();
$stmt->close();
When I look at the error log, it gives me this error message:
PHP Fatal error: Call to a member function bind_param() on a non-object on line 105
Line 105 is this line:
$stmt->bind_param("sssssiiiiiii", $case, $name, $profession, $city, $country, $totalpercent, $pretest, $posttest, $investigationspercent, $creditsspent, $timescompleted, $timesreset);
You never checked that $stmt is an object. In this case, it's more likely to be FALSE, which is what PDO::prepare returns when your query has an error in it.
And your query has an error in it, because you did not delimit your field names in backticks and timestamp is a keyword.
Check for errors after invoking functions from 3rd party APIs, and fix your query.
First off, always run your queries on localhost to see if your query executes without error. Next, always make sure the names of the fields and data types correspond with what you have in your code.
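
Added example (not from any of the posts above): the failure in this thread, where prepare() returns false and the next call lands on a non-object, reproduced and then handled with an explicit check. It assumes the pdo_sqlite extension and uses an in-memory SQLite table as a stand-in for MySQL, with a trimmed version of the leaderboard table; prepareChecked() and the sample row are constructed for the demo.

```php
<?php
// Constructed demo: in-memory SQLite stands in for MySQL. `case` is a reserved
// word in both engines, so the unquoted column name fails at prepare time.
$db = new PDO('sqlite::memory:');
// Silent mode reproduces the thread's situation: prepare() returns false instead of throwing.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->exec('CREATE TABLE leaderboard (`case` TEXT, name TEXT, totalpercent INTEGER)');

// prepareChecked() is a hypothetical helper name, not part of PDO.
function prepareChecked(PDO $db, string $sql): PDOStatement
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        // Driver detail goes to the server log; the caller only sees a generic message.
        error_log('prepare failed: ' . implode(' | ', $db->errorInfo()));
        throw new RuntimeException('Database statement could not be prepared');
    }
    return $stmt;
}

function redeem(PDO $db, string $sql, array $row): string
{
    try {
        $stmt = prepareChecked($db, $sql);
        $stmt->execute([$row['case'], $row['name'], (int) $row['totalpercent']]);
        return 'stored';
    } catch (RuntimeException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// Constructed input standing in for $_POST.
$row = ['case' => 'ENT-01', 'name' => 'Sample User', 'totalpercent' => '85'];

// Unquoted reserved word: handled as an error instead of a fatal on a non-object.
echo redeem($db, 'INSERT INTO leaderboard (case, name, totalpercent) VALUES (?, ?, ?)', $row), PHP_EOL;
// Backtick-quoted identifier: the statement prepares and executes.
echo redeem($db, 'INSERT INTO leaderboard (`case`, name, totalpercent) VALUES (?, ?, ?)', $row), PHP_EOL;
```

Logging the driver message server-side and returning a generic one keeps table and column names out of responses, unlike passing the raw database error to die().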
