Jump to content

KillGorack

Members
  • Content Count

    57
  • Joined

  • Last visited

Everything posted by KillGorack

  1. Thanks that did the trick. My issue with this is without being spoon fed the code at the end, I wouldn't be able to use the PDO version. Goes in hand with my mismatched code above. I really need to get my head into this version, and a comparable PDO version. I just hope that modifying this to do an edit doesn't prove as difficult. Thanks again for the help.
  2. Oh if it helps the structure of the table? CREATE TABLE IF NOT EXISTS `users` ( `ID` int(11) NOT NULL AUTO_INCREMENT, `usr_login` varchar(64) NOT NULL, `usr_f_name` varchar(64) NOT NULL, `usr_l_name` varchar(64) NOT NULL, `usr_pass` varchar(255) NOT NULL, `usr_email` varchar(255) NOT NULL, PRIMARY KEY (`ID`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
  3. Thanks for the reply again. I tried that on and off and get the very same error. I've took the code out of the rest of the mess, and now am working with a single file. Code below, most of yours in in there including the characters I left out earlier. <?php include('./inc/connection.php'); $fieldarray[] = array("usr_login", "s", "user232"); $fieldarray[] = array("usr_f_name", "s", "John"); $fieldarray[] = array("usr_l_name", "s", "Doe"); $fieldarray[] = array("usr_pass", "s", "password123"); $fieldarray[] = array("usr_email", "s", "user@domain.com"); $app_var = "users"; $cols = array(); $types = ''; // string holding the i,s,d,b types $params = array(); // holds references to data values in the same order as the field names and types foreach($fieldarray as $field){ $cols[] = $field[0]; $types .= $field[1]; $params[] = &$field[2]; } $holders = array_fill(0,count($cols),'?'); $query = "INSERT INTO $app_var (".implode(',',$cols).") VALUES (".implode(',',$holders).")"; $stmt = $db->prepare($query); echo implode(', ',$cols)."</br>"; echo $types."</br>"; echo implode(', ',$params)."</br>"; echo $query."</br>"; $refArr = array_merge(array($types),$params); // array of the bind_param parameters $ref = new ReflectionClass('mysqli_stmt'); // use class reflection to call mysqli->bind_param dynamically $method = $ref->getMethod("bind_param"); $method->invokeArgs($stmt,$refArr); // 'call' the actual bind_param method $stmt->execute(); ?> Echos output this; usr_login, usr_f_name, usr_l_name, usr_pass, usr_email sssss user232, John, Doe, password123, user@domain.com INSERT INTO users (usr_login,usr_f_name,usr_l_name,usr_pass,usr_email) VALUES (?,?,?,?,?) Still getting an error, I'm fairly lost.. Fatal error: Uncaught exception 'ReflectionException' with message 'Invocation of method mysqli_stmt::bind_param() failed' in C:\xampp\htdocs\portal-x\test.php:35 Stack trace: #0 C:\xampp\htdocs\portal-x\test.php(35): ReflectionMethod->invokeArgs(Object(mysqli_stmt), Array) #1 {main} thrown in C:\xampp\htdocs\portal-x\test.php on line 35
  4. Understood! I'm risking becoming a little high maintenance on this one. All the help thus far is greatly appreciated! here is the latest iteration with your input below. $stmt = "INSERT INTO ".$app_var." ("; foreach($fieldarray as $field){ $stmtfld = $stmtfld.$field[2].", "; $stmtqst = $stmtqst."?, "; $stmtcon = $stmtcon.$field[25].", "; $stmttyp = $stmttyp.$field[26]; } echo trim($stmtfld, ", ")."</br>"; // Checking the format echo trim($stmtqst, ", ")."</br>"; echo trim($stmtcon, ", ")."</br>"; echo trim($stmttyp, ", ")."</br>"; $query = $stmt.trim($stmtfld, ", ").") VALUES (".trim($stmtqst, ", ").")"; echo $query; // Again checking $stmt = $db->prepare($query); $params = explode(trim($stmtcon, ", "), ", "); $refArr = array_merge(array($stmttyp),$params); // array of the bind_param parameters $ref = new ReflectionClass('mysqli_stmt'); // use class reflection to call mysqli->bind_param dynamically $method = $ref->getMethod("bind_param"); $method->invokeArgs($stmt,$refArr); // 'call' the actual bind_param method $stmt->execute(); the echo's put the following out in case we think the array is at fault.. usr_login, usr_email, usr_f_name, usr_l_name, usr_pass ?, ?, ?, ?, ? usr_name_0147, user@domain.com, John, Doe, password sssss INSERT INTO users (usr_login, usr_email, usr_f_name, usr_l_name, usr_pass) VALUES (?, ?, ?, ?, ?) and finally the error Fatal error: Uncaught exception 'ReflectionException' with message 'Invocation of method mysqli_stmt::bind_param() failed' in C:\xampp\htdocs\portal-x\all\fun\all\add.php:206 Stack trace: #0 C:\xampp\htdocs\portal-x\all\fun\all\add.php(206): ReflectionMethod->invokeArgs(Object(mysqli_stmt), Array) #1 C:\xampp\htdocs\portal-x\all\fun\switch.php(5): include('C:\xampp\htdocs...') #2 C:\xampp\htdocs\portal-x\index.php(20): include('C:\xampp\htdocs...') #3 {main} thrown in C:\xampp\htdocs\portal-x\all\fun\all\add.php on line 206 Of course the table is a just a test, all field names are purely consequential.
  5. Tried mac_gyver's method, but getting errors.. $stmt = "INSERT INTO ".$app_var." ("; foreach($fieldarray as $field){ $stmtflds = $stmtflds.$field[2].", "; $stmtqs = $stmtqs."?, "; } $query = $stmt.trim($stmtflds, ", ").") VALUES (".trim($stmtqs, ", ").")"; $stmt = $db->prepare($query); $cntr = 1; foreach($fieldarray as $field){ $stmt->bindValue($cntr++, $field[25], PDO::PARAM_STR); } $stmt->execute(); Results in error. Do I need to further set something up for PDO, I've not used that before. All the comments on scrubbing, validating users and the like is appreciated, trust me it's all in there.. Just need some syntax help. If i can get this above working I'll edit to my needs after. Just need to understand a simple example working. Test table has all fields strings (that it's updating) Error on line 102 above Fatal error: Call to undefined method mysqli_stmt::bindValue() in..
  6. Agree on your side comments completely. Getting from the form post to the array is a sanitizing function of course, not only administrators will evoke this code, but coworkers on an intranet environment. I'll wrap my head around this and try tonight. Thanks!!!
  7. Trying to convert some old code with the use of the prepared statements, when I don't know the format of the table. That format will be in an array, along with the values that will eventually be stuck in there. example this first line can be built with this code $stmt = "INSERT INTO ".$table_name." ("; foreach($fieldarray as $field){ $stmtflds = $stmtflds.$field[2].", "; $stmtqs = $stmtqs."?, "; } $stmt = $stmt.trim($stmtflds, ", ").") VALUES (".trim($stmtqs, ", ").")"; $stmt = $conn->prepare($stmt); // Outputs something like... // $stmt = $conn->prepare("INSERT INTO MyGuests (firstname, lastname, email) VALUES (?, ?, ?)"); But for the life of me I can't figure out how to get this line below done with the contents of an array.. $stmt->bind_param("sss", $firstname, $lastname, $email); Again, the values, and the field names are in the array, and roughly created like below. Anyone have an idea?
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.