simple prepared statements question

[ihopethisworks]

Hello, thanks for reading --

 

The simple page below should grab a user id ($_SESSION['id']) and message ($_POST['message']) and insert them them to a table using prepared statements. However, currently the script prints '-1 rows affected,' indicating failure, without inserting data. I'm sure I'm overlooking something simple here?

Thanks very much

 

 

<?php session_start();require_once '../includes/constants.php';$con = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME);if(mysqli_connect_errno()){    printf("Connect failed: %s\n", mysqli_connect_error());    exit(); }$stmt = $con->prepare("INSERT INTO stories (id, message) VALUES(?,?)");$id = $_SESSION['id'];$message = $_POST['message'];$message = addslashes($message);$stmt->bind_param('is', $id, $message);echo $id . $message;$stmt->execute();printf("%d Row inserted. \n", $stmt->affected_rows);$stmt->close();

 

[PFMaBiSmAd]

Your code works for me, therefore there must be something going on with it on your server. And since you actually have some error checking and reporting logic for the connection, you most likely have a problem with your table or your columns or perhaps the mysqli extension is not enabled.

 

Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON so that all the php errors would be reported and displayed?

 

$stmt->execute(); will return a FALSE value if the query fails due to an error and you can use $stmt->error to find out why it failed.

 

 

[ihopethisworks]

PFMaBiSmAd -- thank you so much for your time. ->error showed me it was a duplicate entry situation -- thanks for your help! Very much appreciated.

[PFMaBiSmAd]

Since one of the benefits of using prepared statements is that string data will be escaped for you, you should remove the addslashes() function call from the code.