Hopefully I'm on the right track here. I have a stored procedure prepared to add customer details to my database:
DROP PROCEDURE `sp_add_customer`//
CREATE DEFINER=`test`#`%` PROCEDURE `sp_add_customer`(IN in_name VARCHAR(100), in_address_line_1 VARCHAR(100), in_address_line_2 VARCHAR(100), in_address_line_3 VARCHAR(100), in_city VARCHAR(50), in_county VARCHAR(50), in_phone VARCHAR(30), in_mobile VARCHAR(30), in_email VARCHAR(100))
BEGIN
INSERT INTO customer(name, address_line_1, address_line_2, address_line_3, city, county, phone, mobile, email)
VALUES(in_name, in_address_line_1, in_address_line_2, in_address_line_3, in_city, in_county, in_phone, in_mobile, in_email);
END
I would now like to use this stored procedure with a html form (similar to the one below) to add a customer to my customer table.
<form id="htmlForm" action="add-customer.php" method="post" class="form-horizontal">
<input type="text" class="input-large" placeholder="Customer Name"><br/>
<input type="text" class="input-large" placeholder="Phone"><br/>
<input type="text" class="input-large" placeholder="Mobile"><br/>
<input type="text" class="input-large" placeholder="Email"><br/>
<input type="text" class="input-large" placeholder="Address Line 1"><br/>
<input type="text" class="input-large" placeholder="Address Line 2"><br/>
<input type="text" class="input-large" placeholder="Address Line 3"><br/>
<input type="text" class="input-large" placeholder="City"><br/>
<input type="text" class="input-large" placeholder="County"><br/>
<button type="submit" class="btn">Add Stock</button>
</form>
Could someone please explain to me the PHP code I need to add the details from the customer form to the customer table using the stored procedure.
The add-customer.php file contains:
<?php
//MySQL Database Connect
require once ("includes/config.php")
$name = $_POST['name'];
$phone = $_POST['phone'];
$mobile = $_POST['mobile'];
$email = $_POST['email'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$address3 = $_POST['address3'];
$city = $_POST['city'];
$county = $_POST['county'];
try{
$dbh=config.php();
$stmt = $dbh->prepare('CALL sp_add_customer(:in_name, :in_address_line_1, :in_address_line_2, :in_address_line_3, :in_city, :in_county, :in_phone, :in_mobile, :in_email)');
$stmt->bindParam(':in_name',$name,PDO::PARAM_STR,45);
$stmt->bindParam(':in_address_line_1',$address1,PDO::PARAM_STR,45);
$stmt->bindParam(':in_address_line_2',$address2,PDO::PARAM_STR,45);
$stmt->bindParam(':in_address_line_3',$address3,PDO::PARAM_STR,45);
$stmt->bindParam(':in_city',$city,PDO::PARAM_STR,45);
$stmt->bindParam(':in_county',$county,PDO::PARAM_STR,45);
$stmt->bindParam(':in_phone',$phone,PDO::PARAM_STR,45);
$stmt->bindParam(':in_mobile',$mobile,PDO::PARAM_STR,45);
$stmt->bindParam(':in_email',$email,PDO::PARAM_STR,45);
$stmt->execute();
}
catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
?>
At the moment I'm receiving the following error:
Parse error: syntax error, unexpected T_VARIABLE
Much appreciated.
I hope you know how to send values from html page to php code.
php manual
<?php
$stmt = $dbh->prepare("CALL sp_add_customer(?)");
$stmt->bindParam(1, $return_value, PDO::PARAM_STR, 4000);
// call the stored procedure
$stmt->execute();
print "procedure returned $return_value\n";
?>
OK try this
http://www.joeyrivera.com/2009/using-mysql-stored-procedures-with-php-mysqlmysqlipdo/
Related
I'm new to PHP and I'm not sure what I'm doing wrong. I can open the html form and give the data but when I hit submit it shows me the php code and the database is (obviously) not updated. I have tried inserting values to the table manually through phpMyAdmin and it works. I have looked online but me syntax looks fine (to me). Am I doing some different wrong? If the mistake is not too obvious is there an efficient way to debug (ie see the errors)?
I have this HTML code
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title>Hotel Start Page</title>
</head>
<body>
<form action="customerCreate.php" method="post">
<fieldset><legend>Enter your information in the form below:</legend>
<header align="center"> <b>Customer Sign Up</b></header>
<p><b>Surname: </b><input type="text" name="surname" size="30" maxlength="40"/></p>
<p><b>Name: </b><input type="text" name="name" size="30" maxlength="40"/></p>
<p><b>E-mail: </b><input type="text" name="email" size="30" maxlength="40"/></p>
<p><b>Telephone: </b><input type="text" name="tel" size="30" maxlength="10"/></p>
<p><b>Password: </b><input type="password" name="passwd" size="30" maxlength="10"/></p>
</fieldset>
<div align="center"><input type="submit" name="submit" value="Create Account"/></div>
</form>
</body>
This PHP code
<?php
$host = 'localhost';
$username = 'root';
$password = '';
$db = 'my_hotel';
$conn = new mysqli($host,$username,$password,$db);
if ($conn->connect_error) {
die("Connection Error: " .$conn->connect_error);
}
$sname = $_POST['surname'];
$name = $_POST['name'];
$email = $_POST['email'];
$tel = $_POST['tel'];
$passwd = $_POST['passwd'];
$sql = "INSERT INTO Customer (sname, name, email, tel, passwd) VALUES
(?,?,?,?,?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("sssss",$sname,$name,$email,$tel,$passwd);
$stmt->execute();
$cid = "SELECT cid FROM Customers WHERE sname='$sname' AND passwd='$passwd' ";
$result = $conn->query($cid);
$row = $result->fetch_assoc();
echo "Customer Added.<br>";
echo "Your Customer ID is ".$row['cid'];
$stmt->close();
$conn->close();
?>
And this table in a database called My_hotel in phpMyAdmin
CREATE TABLE Customer (
cid INT AUTO_INCREMENT,
sname VARCHAR(15),
name VARCHAR(15),
email VARCHAR(15),
tel VARCHAR(15),
passwd VARCHAR(15),
PRIMARY KEY (cid)
);
If you get the php code, it must be that your application is not in your web server, so the browser downloads the source file. You should copy/synchronize your files into/with (probably) /var/www/html.
Look into this: http://thisinterestsme.com/php-displayed-in-browser/
This question already has an answer here:
What to do with mysqli problems? Errors like mysqli_fetch_array(): Argument #1 must be of type mysqli_result and such
(1 answer)
How to construct an SQL query correctly in a PHP script? [duplicate]
Closed 5 years ago.
The expect result is for the data that is submitted through a HTML form, and then the form action is this code below. Proccessing the code below I was expecting it to insert the data from the form into a SQL table called customers. However the data is not being inserted and there is no errors showing on the page.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$uName = $_POST['uname'];
$password = sha1($_POST['upassword']);
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$dob = $_POST['dob'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$postcode = $_POST['postcode'];
echo $uName;
echo $password;
include("dbconn.php");
$sql = "INSERT INTO customers (username, password_hash, customer_foremane, customer_surname, date_of_birth, customer_address1, customer_address2, customer_postcode) VALUES ('$uName', '$password', '$fname', '$lname', '$dob', '$address1', '$address2', '$postcode')";
mysqli_query($conn, $sql);
mysqli_close($conn);
?>
This is the form in which the data is from:
<div id = "reg_form">
<form name="register" action="register_customer.php" method="post">
<p id = "form_text"> Username: </p> <input name="uname" type="text" placeholder="Please enter a user name">
<p id = "form_text"> Password: </p> <input name="upassword" type="password" placeholder="Please enter a password"><br>
<p id = "form_text"> First Name: </p> <input name="fname" type="text" placeholder="Please enter your first name"><br>
<p id = "form_text"> Last Name: </p> <input name="lname" type="text" placeholder="Please enter your last name"><br>
<p id = "form_text"> Date of Birth: </p> <input name="dob" type="text" placeholder="Please enter your date of birth"><br>
<p id = "form_text"> Address 1: </p> <input name="address1" type="text" placeholder="Please enter first line of address"><br>
<p id = "form_text"> Address 2: </p> <input name="address2" type="text" placeholder="Please enter second line of address"><br>
<p id = "form_text"> Postcode: </p> <input name="postcode" type="text" placeholder="Please enter your postcode"><br>
<input name="submit" type="submit">
</form>
</div>
This is the dbconn.php:
<?php
$config = parse_ini_file('config.ini');
$conn = mysqli_connect('localhost',$config['username'],
$config['password'],$config['dbname']);
echo "Connected to the database";
?>
you have to use MySqli Prepared Statements for Inserting the query to make it more secure like below:
// prepare and bind Customers Query
$queryCustomers = $conn->prepare("INSERT INTO customers(username, password_hash, customer_foremane, customer_surname, date_of_birth, customer_address1, customer_address2, customer_postcode) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$queryCustomers->bind_param("ssssssss",$uName,$password,$fname,$lname,$dob,$address1,$address2,$postcode);
// execute Customers Query
$queryCustomers->execute();
// Close Connections
$queryCustomers->close();
To learn more, follow http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
I am trying to input data into a database.
i have used echo to see if the database is being read, it is and the database echo's as entered, it just does not insert into the database. This is the same code i used for the registration page, apart from a new amendments, and my reg page works perfectly so i am a little confused to why it is not working.
HTML
<!-- <div id="first">-->
<input type="text" id="fname" name="fname" value="" required>
<input type="text" id="lname" name="lname" value="" required>
<input type="text" id="email" name="email" value="" required>
<input type="number" id="phone" name="phone" value="" required>
<input type="submit" name="Update" value="Update">
<br>
PHP
<?php
session_start();
require('../mysql.inc.php');
?>
<?php
if (isset($_POST['Update'])) {
echo $c_fname = $_POST['fname'];
echo $c_lname = $_POST['lname'];
echo $c_email = $_POST['email'];
echo $c_phone = $_POST['phone'];
$insert_det = "INSERT INTO Cus_acc_details(CUS_Fname,CUS_Lname,CUS_Phone,Cus_Email) VALUES (?,?,?,?)";
$stmt = mysqli_prepare($dbc, $insert_det);
mysqli_stmt_bind_param($stmt, 'sssi', $c_fname, $c_lname, $c_email, $c_phone);
if ($insert_det) {
echo " Saved";
}
} else {
echo "<b> Error </b>";
}
?>
Any suggestions
The call to mysqli_stmt_execute() is missing, thus your statement will never be executed.
Try changing your insert query to
$insert_det = "INSERT INTO Cus_acc_details(CUS_Fname,CUS_Lname,Cus_Email,CUS_Phone) VALUES (?,?,?,?)";
$stmt = mysqli_prepare($dbc, $insert_det);
As you are mixing them up when declaring them on the placeholders and are casting email as a integer but trying to insert the phone number as the email and vice versa
I am creating my first Wordpress plugin and have been stumped for a couple of days. So far I am trying to just get my plugin to save data to the MySQL database on my localhost. When I enter info into the form it creates a new row, which auto increments, but does not pass any of the info that I have entered into the database.
I understand that I have to clean up a lot of this code before I use it but I am just starting and stumped on this particular issue.
Here is the relevant code;
dvi_customer_info.php file
<?php
require('database.php');
require('customer_info_functions.php');
if ($action == 'add_customer') {
$rep = $_POST['rep'];
$business = $_POST['business'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$name = $_POST['name'];
$email = $_POST['email'];
}
add_customer($rep, $business, $address, $phone, $name, $email);
include('dvi_customer_info_sheet.php');
customer_info_functions.php file
<?php
function add_customer($rep, $business, $address, $phone, $name, $email) {
global $db;
$query = "INSERT INTO customers
(repName, customerBusiness, customerAddress, customerPhone, customerName, customerEmail)
VALUES
('$rep', '$business', '$address', '$phone', '$name', '$email')";
$db->exec($query);
}
?>
dvi_customer_info_sheet.php file
<body>
<h1>Customer Info Sheet</h1>
<form action="dvi_customer_info.php" method="post" id="customer_info_sheet_form">
<input type="hidden" name="action" value="add_customer" />
<label>Name of Rep:</label>
<input type="input" name="rep" />
<br />
<label>Name of Business:</label>
<input type="input" name="business" />
<br />
<label>Address:</label>
<input type="input" name="address" />
<br />
<label>Phone #:</label>
<input type="input" name="phone" />
<br />
<label>Name of Decision Maker:</label>
<input type="input" name="name" />
<br />
<label>Email:</label>
<input type="input" name="email" />
<br />
<label> </label>
<input type="submit" value="Add Customer" />
<br /> <br />
</form>
</body>
"INSERT INTO customers
(repName, customerBusiness, customerAddress, customerPhone, customerName, customerEmail)
VALUES
(\"$rep\", $business,...)
(Use double quotes "$rep" or don't use any quotes $business ( use this option) as anything within single quotes is taken as it is i.e a string constant and hence the variable inside that didn't get substituted by it's value
Try This
$query = "INSERT INTO customers
(repName, customerBusiness, customerAddress, customerPhone, customerName, customerEmail)
VALUES
('".$rep."', '".$business."', '".$address."', '".$phone."', '".$name."', '".$email."')";
And Also
I am not clear About your if condition if($action =='add_customer' ) instead of that try
if(isset($_POST['add_customer']))
What is $action?
you can use wordpress default action to insert record in to database like this below code it's sure to insert your record in mysql database.
You have no need to use function to just insert record in database just put this code in dvi_customer_info.php file
<?php
require('database.php');
require('customer_info_functions.php');
global $wpdb;
if ($action == 'add_customer') {
$rep = $_POST['rep'];
$business = $_POST['business'];
$address = $_POST['address'];
$phone = $_POST['phone'];
$name = $_POST['name'];
$email = $_POST['email'];
$your_table_name_here = $wpdb->prefix . 'yourdatanase_table';
$data = array(
'repName' => $rep,
'customerBusiness' => $business,
'customerAddress' => $address,
'customerPhone' => $phone,
'customerName' => $name,
'customerEmail' => $email
);
$idsa = $wpdb->insert($your_table_name_here, $data);
if ($idsa) {
echo '<p class="alert-box success tfamsg">Franchise Setting Inserted.</p>';
}
}
include('dvi_customer_info_sheet.php');
?>
Now it will insert record in database you had also change your database table $your_table_name_here.
Thanks
Based on an earlier post I'm trying to learn prepared statements to sanitize everything properly.
Here's my form:
<form name="login" action="regi.php" method="post" accept-charset="utf-8">
<label for="username">Username: </label><br />
<input type="username" name="username" placeholder="Handle" required><br />
<input type="hidden" name="sign_up_date" value="<?php echo $_POST['sign_up_date'] ?>">
<label for="usermail">Email: </label><br />
<input type="email" name="usermail" placeholder="yourname#email.com" required><br />
<label for="password">Password: </label><br />
<input type="password" name="password" placeholder="password" required><br />
<input type="submit" value="Login">
</form>
Here's the regi.php page:
include("mysql_connect.php");
include("classes/insert.php");
if (!mysqli_query($mysqli,$stmt))
{
die('Error: ' . mysqli_error($mysqli));
}
echo "1 record added";
mysqli_close($mysqli);
Here is my insert.php page:
$user = $_POST['username'];
$email = $_POST['usermail'];
$stmt = $mysqli->stmt_init();
if (!$stmt) {
echo "Init failed";
} else {
$cmd = "INSERT INTO people (username, email, sign_up_date) VALUES (?, ?, NOW() )";
if ($stmt->prepare($cmd)) {
$stmt->bind_param('ssd', $user, $email );
$stmt->execute();
echo $stmt->affected_rows . "row(s) inserted";
$stmt->close();
} else {
echo "Prepare failed";
}
}
Here is my error message:
Localhost via UNIX socket 0row(s) insertedError:
I assume i'm doing something wrong on my insert.php page?
Any help would be greatly appreciated. Thank you.
you could write your query as a stored procedure ... this way the actual query is stored in the db and not in your php file.
also, based on what you have right now it does not look like you are inserting the correct values into the right columns in your table
here is the stored procedure approach
// update your php files so that the following variables read
$cmd = call `people`.`procedurename` (?,?)";
$stmt->bind_param($user, $email );
log into mysql and create a stored procedure with this code
DELIMITER $$
CREATE PROCEDURE `people`.`procedurename` (
IN username VARCHAR(50),
IN email VARCHAR(50)
)
BEGIN
INSERT INTO people (username, email, sign_up_date) VALUES (username, email, NOW());
END
$$
good luck :)