Is it possible to put that in a loop? - php

Is there a possibility to put that in a loop?
if (!empty($_POST["textDE"])) {
$mysqli = $connect->prepare("INSERT INTO `l10n-strings` (`translationID`, `languageCode`, `text`) VALUES (?, ?, ?)");
$mysqli->bind_param('iss', $l10id, $languageCodeDE, $textDE);
$mysqli->execute();
}
if (!empty($_POST["textEN"])) {
$mysqli = $connect->prepare("INSERT INTO `l10n-strings` (`translationID`, `languageCode`, `text`) VALUES (?, ?, ?)");
$mysqli->bind_param('iss', $l10id, $languageCodeEN, $textEN);
$mysqli->execute();
}
if (!empty($_POST["textES"])) {
$mysqli = $connect->prepare("INSERT INTO `l10n-strings` (`translationID`, `languageCode`, `text`) VALUES (?, ?, ?)");
$mysqli->bind_param('iss', $l10id, $languageCodeES, $textES);
$mysqli->execute();
}
if (!empty($_POST["textFR"])) {
$mysqli = $connect->prepare("INSERT INTO `l10n-strings` (`translationID`, `languageCode`, `text`) VALUES (?, ?, ?)");
$mysqli->bind_param('iss', $l10id, $languageCodeFR, $textFR);
$mysqli->execute();
}
if (!empty($_POST["textIT"])) {
$mysqli = $connect->prepare("INSERT INTO `l10n-strings` (`translationID`, `languageCode`, `text`) VALUES (?, ?, ?)");
$mysqli->bind_param('iss', $l10id, $languageCodeIT, $textIT);
$mysqli->execute();
}

$languages = array('DE', 'EN', 'ES', 'FR', 'IT');
foreach ($languages as $lang) {
    $langKey = 'text' . $lang;
    if (!empty($_POST[$langKey])) {
        $mysqli = $connect->prepare(
            "INSERT INTO `l10n-strings` (`translationID`, `languageCode`, `text`) ".
            "VALUES (?, ?, ?)"
        );
        $mysqli->bind_param(
            'iss',
            $l10id,
            ${'languageCode'.$lang},
            ${$langKey}
        );
        $mysqli->execute();
    }
}
Variable variables make this easier, with a look-up array.
Also disable register globals in your PHP configuration; it is a security issue.
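The same loop without variable variables or register_globals, as an added example that is not part of the original answer: the language list is a fixed allow-list, the statement is prepared once, and mysqli is set to throw on failure. The helper name `insertTranslations()` is hypothetical, and it is an assumption that the stored `languageCode` equals the form-field suffix.

```php
<?php
// Added example (not from the original answer). insertTranslations() is a
// hypothetical helper; $connect is assumed to be an open mysqli connection.

// Fixed allow-list: only these suffixes are ever turned into $_POST keys.
// Assumption: the stored languageCode equals the form-field suffix.
const L10N_LANGUAGES = ['DE', 'EN', 'ES', 'FR', 'IT'];

function insertTranslations(mysqli $connect, int $l10id, array $post): int
{
    // Throw mysqli_sql_exception on failure instead of returning false,
    // so a failed prepare() cannot reach bind_param() unnoticed.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    // Prepare once; only the bound values change between executions.
    $stmt = $connect->prepare(
        'INSERT INTO `l10n-strings` (`translationID`, `languageCode`, `text`) '
        . 'VALUES (?, ?, ?)'
    );

    // bind_param() binds by reference: assigning to these variables later
    // changes what the next execute() sends.
    $languageCode = '';
    $text = '';
    $stmt->bind_param('iss', $l10id, $languageCode, $text);

    $inserted = 0;
    foreach (L10N_LANGUAGES as $lang) {
        // Read the request array directly; no dependence on register_globals.
        $value = $post['text' . $lang] ?? '';
        // Unlike empty(), this keeps the string "0" and rejects array input.
        if (!is_string($value) || $value === '') {
            continue;
        }
        $languageCode = $lang;
        $text = $value;
        $stmt->execute();
        $inserted++;
    }
    $stmt->close();
    return $inserted;
}

// Typical call from the form handler:
// $count = insertTranslations($connect, $l10id, $_POST);
```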

Related

Insert is working local but not on server

I use the same code locally and on the server.
While it's working just fine locally, there is no DB entry when running on the server.
While the INSERT statement is not working, I can read and update the rows, so the connection should be fine.
Can somebody help me?
function setDataToParticipantTable($db_host, $db_password, $db_user, $db_name, $new_participant)
{
$db = new PDO('mysql:host=' . $db_host . ';dbname=' . $db_name, $db_user, $db_password);
$qry = "INSERT INTO " . "`TAEK_Subscriber19`" . " (`Vorname`, `Nachname`, `Email`, `Straße`, `Hausnummer`, `PLZ`, `Ort`, `Land`, `Turnusaerztevertreter`, `DO_VM_WS_1`, `DO_NM_WS_1`, `FR_VM_WS1_1`, `FR_VM_WS2_1`, `FR_NM_WS_1`, `Kongresseroeffnung`, `Kongressparty`, `Infotext`, `Hash`)
VALUES
(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$statement = $db->prepare($qry);
$statement->bindParam(1, $new_participant['Vorname']);
$statement->bindParam(2, $new_participant['Nachname']);
$statement->bindParam(3, $new_participant['Email']);
$statement->bindParam(4, $new_participant['Straße']);
$statement->bindParam(5, $new_participant['Hausnummer']);
$statement->bindParam(6, $new_participant['PLZ']);
$statement->bindParam(7, $new_participant['Ort']);
$statement->bindParam(8, $new_participant['Land']);
$statement->bindParam(9, $new_participant['Turnusaerztevertreter']);
$statement->bindParam(10, $new_participant['DO_VM_WS_1']);
$statement->bindParam(11, $new_participant['DO_NM_WS_1']);
$statement->bindParam(12, $new_participant['FR_VM_WS1_1']);
$statement->bindParam(13, $new_participant['FR_VM_WS2_1']);
$statement->bindParam(14, $new_participant['FR_NM_WS_1']);
$statement->bindParam(15, $new_participant['Kongresseroeffnung']);
$statement->bindParam(16, $new_participant['Kongressparty']);
$statement->bindParam(17, $new_participant['Infotext']);
$statement->bindParam(18, $new_participant['Hassh']);
$statement->execute();
$statement = null;
$db = null;
}

I can't insert data into my database but I don't have any errors

This is my PHP code. Can you please help me? There's no data in my database.
<?php
require_once("dbconnect.php");
session_start();
for ($x = 0; $x < $_POST['reimcounter']; $x++) {
$date = $_POST['date'];
$tin = $_POST['tin'];
$address = $_POST['address'];
$particulars = $_POST['particulars'];
$referencenumber = $_POST['refno'];
$total = floatval(preg_replace('/[^\d\.]/', '', $_POST['total' . $x]));
$nonvat = floatval(preg_replace('/[^\d\.]/', '', $_POST['nonvat' .
$x]));
Is there anything wrong with my insert code?
$sql = "INSERT INTO rtco_cms.dbo.Reimbursement VALUES (?, ?, ?, ?, ?, ?,
?, ?, ?)";
$params = array($date, $tin, $SESSION['empid'], $address,
$SESSION['clientid'], $particulars, $referencenumber, $nonvat, $total);
$stmt = sqlsrv_query($conn, $sql, $params);
}
header("location: ../reimbursement.php");
?>
Change this
$params = array($date, $tin, $SESSION['empid'], $address,
$SESSION['clientid'], $particulars, $referencenumber, $nonvat, $total);
to
$params = array($date, $tin, $_SESSION['empid'], $address,
$_SESSION['clientid'], $particulars, $referencenumber, $nonvat, $total);
Session variable calling is wrong. Hope it helps
Update your insert query; for example, see this query:
$tsql = "INSERT INTO dbo.vF_events (
    username,
    Rft,
    Ging,
    description,
    date,
    trdate)
VALUES
    (?, ?, ?, ?, ?, ?)";
$var = array($username, $sort, $ag, $description, $date, $trdate);
if (!sqlsrv_query($conn, $tsql, $var))
{
    // sqlsrv_errors() returns an array, so format it before printing
    die('Error: ' . print_r(sqlsrv_errors(), true));
}
echo "record added";

Fatal error: Call to a member function bind_param() on a non-object in PHP

I am trying to store data into the database from my form. I have tried the code below, but it gives me a fatal error. What changes do I have to make so that the code works? I have checked my database connection and it is all working fine, but there is one fatal error: Call to a member function bind_param() on a non-object.
<?php
if(isset($_POST['submit']))
{
$conn = mysqli_connect('localhost', 'root', '','tmtool');
if($conn -> connect_errno )
{
die('coudn\'t connect to the database' . mysqli_connect_error());
}
if(! get_magic_quotes_gpc() )
{
$Testcase_id = addslashes (filter_input(INPUT_POST, 'Testcase_id'));
$Testcase_title = addslashes (filter_input(INPUT_POST, 'Testcase_title'));
$Testcase_desc = addslashes(filter_input(INPUT_POST, 'Testcase_desc'));
$Product_id= addslashes(filter_input(INPUT_POST, 'Project_id'));
$Date_created= addslashes(filter_input(INPUT_POST, 'Date_created'));
$Created_by= addslashes(filter_input(INPUT_POST, 'Created_by'));
$Type= addslashes(filter_input(INPUT_POST, 'Type'));
$Priority = addslashes(filter_input(INPUT_POST, 'Priority'));
$Precondition= addslashes(filter_input(INPUT_POST, 'Precondition'));
$Test_step = addslashes(filter_input(INPUT_POST, 'Test_step'));
$Expected_result = addslashes(filter_input(INPUT_POST, 'Expected_result'));
$Request_mode = addslashes(filter_input(INPUT_POST, 'Request_mode'));
$Language = addslashes(filter_input(INPUT_POST, 'Language'));
$Category = addslashes(filter_input(INPUT_POST, 'Category'));
$Sub_category = addslashes(filter_input(INPUT_POST, 'Sub_category'));
}
else
{
$Testcase_id =(filter_input(INPUT_POST, 'Testcase_id'));
$Testcase_title =(filter_input(INPUT_POST, 'Testcase_title'));
$Testcase_desc = (filter_input(INPUT_POST, 'Testcase_desc'));
$Product_id=(filter_input(INPUT_POST, 'Project_id'));
$Date_created=(filter_input(INPUT_POST, 'Date_created'));
$Created_by=(filter_input(INPUT_POST, 'Created_by'));
$Type= (filter_input(INPUT_POST, 'Type'));
$Priority =(filter_input(INPUT_POST, 'Priority'));
$Precondition=(filter_input(INPUT_POST, 'Precondition'));
$Test_step =(filter_input(INPUT_POST, 'Test_step'));
$Expected_result =(filter_input(INPUT_POST, 'Expected_result'));
$Request_mode = (filter_input(INPUT_POST, 'Request_mode'));
$Language = (filter_input(INPUT_POST, 'Language'));
$Category = (filter_input(INPUT_POST, 'Category'));
$Sub_category = (filter_input(INPUT_POST, 'Sub_category'));
}
$sql = $conn->prepare("INSERT INTO tmtool.testcase_master ( `Testcase_id`,`Testcase_title`,`Testcase_desc`,`Product_id`,`Date_created`,`Created_by`,`Type`,`Priority`, `Precondition`, `Test_step`, `Expected_result`, `Request_mode`, `Language`, `Category`, `Sub_category`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$sql->bind_param('sssssssssssssss',$Testcase_id,$Testcase_title,$Testcase_desc, $Product_id, $Date_created, $Created_by, $Type , $Priority, $Precondition, $Test_step, $Expected_result, $Request_mode, $Language, $Category , $Sub_category);
if($sql->execute())
{
echo "Entered data successfully\n";
mysqli_close($conn);
}
else {
die('Could not enter data: ' . mysqli_error($conn));
}
}else{
echo "you are not able to connect to data base";
}
?>
You use mysqli_* in OOP style, so you have to use the keyword new and remove the _connect part for the connection like this:
$conn = new mysqli('localhost', 'root', '','tmtool');
      //^^^       ^ '_connect' removed
      //| See here
Also change your close statement from:
mysqli_close($conn);
to this:
$conn->close();
And for errors you have to use this:
$conn->error //Not mysqli_error($conn)
As suggested by #Rizier123,
when I put the prepare statement into an if condition, it works for me... Thanks #Rizier123
The final correction in the code is:
if(($sql = $conn->prepare("INSERT INTO tmtool.testcase_master ( `Testcase_id`,`Testcase_title`,`Testcase_desc`,`Product_id`,`Date_created`,`Created_by`,`Subscriber_type`,`Priority`, `Precondition`, `Test_step`, `Expected_result`, `Activation_mode`, `Language`, `Category`, `Sub_category`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"))== FALSE)
{
echo "false";
}
$sql->bind_param('sssssssssssssss',$Testcase_id,$Testcase_title,$Testcase_desc, $Product_id, $Date_created, $Created_by, $Subscriber_type , $Priority, $Precondition, $Test_step, $Expected_result, $Activation_mode, $Language, $Category , $Sub_category);

Prepared statement error with insert

I tried to use, for the first time, a prepared statement in order to avoid SQL injection, but it seems I have a problem when I try to insert or update my database. I use these lines to do what I want:
Insert:
$stmt = $con->prepare("INSERT INTO my_array (image1,image2,image3,image4, info, type, lat, lng, date_created, status, created_by, closed_by, date_finished) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") ;
$stmt->bind_param('bbbbssddsssss', $image1, $image2, $image3, $image4, $info, $type, $lat, $long, $date, $opened, $user, $closed_by, $closed_by, $date_finished);
$stmt->execute();
$result = $stmt->get_result();
Update:
$stmt = $con->prepare("UPDATE users SET fullname = IF(LENGTH(?) = 0, fullname, ?), email = IF(LENGTH(?) = 0, email, ?), phone_num = IF(LENGTH(?) = 0, phone_num, ?) , address = IF(LENGTH(?) = 0, address, ?) WHERE username = '$user'") ;
$stmt->bind_param('ssssiiss',$fullname, $fullname, $email, $email, $phone_number , $phone_number, $address, $address);
$stmt->execute();
$result = $stmt->get_result();
In both I get a "false" result.
In the first you have $closed_by duplicate.
In the second you have $user in the prepared statement. That must be a parameter.
Use proper error handling in each of your statements:
if(!($stmt = $con->prepare("INSERT INTO my_array (image1,image2,image3,image4, info, type, lat, lng, date_created, status, created_by, closed_by, date_finished) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"))
{
echo "Prepare failed: (" . $con->errno . ") " . $con->error;
}
if(!$stmt->bind_param('bbbbssddsssss', $image1, $image2, $image3, $image4, $info, $type, $lat, $long, $date, $opened, $user, $closed_by, $closed_by, $date_finished))
{
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if(!$stmt->execute())
{
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
if(!($result = $stmt->get_result()))
{
echo "Getting result set failed: (" . $stmt->errno . ") " . $stmt->error;
}
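A pre-flight check for the two mismatches pointed out above (one value too many in the INSERT, `$user` interpolated into the UPDATE), as an added example that is not part of the original thread. `countPlaceholders()` and `bindingProblems()` are hypothetical helper names, and `'alice'` is a constructed username.

```php
<?php
// Added example, not from the original thread. Function names are hypothetical.

/** Count ? placeholders that sit outside single-quoted string literals. */
function countPlaceholders(string $sql): int
{
    $withoutLiterals = preg_replace("/'(?:[^'\\\\]|\\\\.)*'/", "''", $sql) ?? $sql;
    return substr_count($withoutLiterals, '?');
}

/** List mismatches between a statement, its bind_param type string and its values. */
function bindingProblems(string $sql, string $types, array $values): array
{
    $problems = [];
    $placeholders = countPlaceholders($sql);
    if (strlen($types) !== $placeholders) {
        $problems[] = sprintf('%d placeholders, %d type characters', $placeholders, strlen($types));
    }
    if (count($values) !== strlen($types)) {
        $problems[] = sprintf('%d type characters, %d values', strlen($types), count($values));
    }
    if (preg_match('/[^idsb]/', $types)) {
        $problems[] = 'type string may contain only i, d, s and b';
    }
    // A non-empty quoted literal usually means a PHP variable was interpolated.
    if (preg_match("/'[^']+'/", $sql)) {
        $problems[] = 'quoted literal in SQL; bind it as a ? parameter instead';
    }
    return $problems;
}

// The INSERT from the question: 13 placeholders, 13 type characters, 14 values.
$insert = 'INSERT INTO my_array (image1,image2,image3,image4, info, type, lat, lng, '
        . 'date_created, status, created_by, closed_by, date_finished) '
        . 'VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
print_r(bindingProblems($insert, 'bbbbssddsssss', array_fill(0, 14, 'x')));

// The UPDATE from the question after PHP interpolated $user (constructed value 'alice').
$update = "UPDATE users SET fullname = IF(LENGTH(?) = 0, fullname, ?), "
        . "email = IF(LENGTH(?) = 0, email, ?), phone_num = IF(LENGTH(?) = 0, phone_num, ?), "
        . "address = IF(LENGTH(?) = 0, address, ?) WHERE username = 'alice'";
print_r(bindingProblems($update, 'ssssiiss', array_fill(0, 8, 'x')));

// Corrected UPDATE: username becomes a ninth placeholder with a ninth type and value.
$fixed = str_replace("'alice'", '?', $update);
var_dump(bindingProblems($fixed, 'ssssiisss', array_fill(0, 9, 'x')) === []);
```

For INSERT and UPDATE statements, `get_result()` returns false even on success because there is no result set; check the return value of `execute()` and `$stmt->affected_rows` instead.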

No database selected?

I am trying to insert some values to my database using PDO but it just says "No database selected".
$host = "localhost";
$dbname = "aura";
$user = "root";
$pass = "somepassword";
try {
$DB = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
$DB->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$DB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo $e->getMessage();
}
$SignUp = $DB->prepare("INSERT INTO `users` (`username`, `password`, `name`, `email`, `rank`, `lvl`, `xp`, `money`, `age`, `reg_ip`, `last_ip`, `created`, `last_online`, `last_action`, `online`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ");
$SignUp->bindValue(1, $username);
$SignUp->bindValue(2, $password);
$SignUp->bindValue(3, $name);
$SignUp->bindValue(4, $email);
$SignUp->bindValue(5, '1');
$SignUp->bindValue(6, '1');
$SignUp->bindValue(7, '1');
$SignUp->bindValue(8, '100');
$SignUp->bindValue(9, NULL);
$SignUp->bindValue(10, $ip);
$SignUp->bindValue(11, $ip);
$SignUp->bindValue(12, $time);
$SignUp->bindValue(13, $time);
$SignUp->bindValue(14, $time);
$SignUp->bindValue(15, $online);
try{
$SignUp->execute();
} catch(PDOException $e){
die($e->getMessage());
}
I do not know why I get this error because I have connected successfully to the database and as you can see I have specified a database.
It looks OK, but you may have issues with the first try/catch, and you're not killing and possibly confusing the insert with the errors from the first.
Also wrap the whole statements in the try/catch blocks, also using $e->__toString(); it's going to give you a full stack trace, and often that makes it easier to trace where the error is.
Try this. I couldn't tell you if the following changes will fix the issue, but they might make it clearer.
<?php
$host = "127.0.0.1";
$dbname = "aura";
$user = "root";
$pass = "somepassword";
try {
$DB = new PDO('mysql:host='.$host.';dbname='.$dbname, $user, $pass, array(
PDO::ATTR_EMULATE_PREPARES => false,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8")
);
} catch(PDOException $e) {
die('<pre>'.$e->__toString().'</pre>');
}
try{
$SignUp = $DB->prepare("
INSERT INTO `users` (`username`, `password`,
`name`, `email`, `rank`,
`lvl`, `xp`, `money`,
`age`, `reg_ip`, `last_ip`,
`created`, `last_online`,
`last_action`, `online`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ");
$SignUp->bindValue(1, $username);
$SignUp->bindValue(2, $password);
$SignUp->bindValue(3, $name);
$SignUp->bindValue(4, $email);
$SignUp->bindValue(5, '1');
$SignUp->bindValue(6, '1');
$SignUp->bindValue(7, '1');
$SignUp->bindValue(8, '100');
$SignUp->bindValue(9, NULL);
$SignUp->bindValue(10, $ip);
$SignUp->bindValue(11, $ip);
$SignUp->bindValue(12, $time);
$SignUp->bindValue(13, $time);
$SignUp->bindValue(14, $time);
$SignUp->bindValue(15, $online);
$SignUp->execute();
} catch(PDOException $e){
die('<pre>'.$e->__toString().'</pre>');
}
?>
