chinds Posted March 9, 2013

Hi,

I am building a PHP and MySQLi based shopping cart for my uni project. I have been using prepared statements for everything so far and they work great. However, I have hit my first problem: I cannot seem to insert data into the database using a prepared statement.

I have written a function that first checks to see if a product already exists. This works well, and if that product does not exist it should run the prepared stmt and insert the data. However, it is skipping over the insert part and going straight to the 'else' section of the 'if', stating that a product could not be uploaded.

Here is the function that is not working. As before, the first part works well; I just have a problem when it actually comes to adding the product.

```php
function addProduct($productName, $productPrice, $productCategory, $productShortDesc, $productLongDesc, $productShipping, $productQTY) {
    //Check if item already exists
    $qry = "Select id FROM products WHERE name = ? LIMIT 1";
    if ($stmt = $this->conn->prepare($qry)) {
        $stmt->bind_param('s', $productName);
        $stmt->execute();
        $stmt->bind_result($p_id);
        if($stmt->fetch()) {
            echo "Sorry. That product already exists.";
            exit();
        } else {
            $qry2 = ("INSERT INTO products (name, short_desc, long_desc, category, price, shipping, qty) VALUES('$productName', '$productShortDesc', '$productLongDesc', '$productCategory', '$productPrice','$productShipping', '$productQTY'");
            if ($stmt = $this->conn->prepare($qry2)) {
                //Add item to DB
                $stmt->execute();
                $stmt->insert_id;
                //Place image in folder
                $newname = "$pid.jpg";
                move_uploaded_file($FILES['fileField']['tmp_name'], "../product_images/$newname");
            } else {
                echo "Error adding new product, Please check all details and try again.";
            }
        }
    }
}
```

Regards
Chris

kicken Posted March 9, 2013 (Solution)

You are not using prepared statements properly for your INSERT query. You need to use placeholders instead of the variables for the values, then bind the variables using bind_param. Same as you did with the above SELECT statement.

chinds Posted March 9, 2013 (Author)

> You are not using prepared statements properly for your INSERT query. You need to use placeholders instead of the variables for the values, then bind the variables using bind_param. Same as you did with the above SELECT statement.

Hi, thanks for the reply. I have the problem sorted now. Was missing a closing bracket :/

I didn't know I should be using the 'bind_param' function for each query. I'll make sure I do this from now on.

Thank you for your help.
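
The INSERT rewritten with placeholders and bind_param as the accepted answer describes, with mysqli error reporting switched on so a malformed query (such as the missing closing bracket) raises an exception instead of falling through to the generic 'else' message. This is an added example, not code from the thread: the column names come from the poster's query, while the column types, the free-function signature and the `$image` parameter (one entry of `$_FILES`) are assumptions.

```php
<?php
// Added example, not the poster's code. Column types and $image are assumptions.

// Make mysqli throw on failure: a syntax error in the SQL then surfaces at
// prepare() with the server's message instead of prepare() returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function addProduct(mysqli $conn, string $name, float $price, string $category,
                    string $shortDesc, string $longDesc, float $shipping,
                    int $qty, array $image): int
{
    // Duplicate check, bound the same way as the SELECT in the question.
    $stmt = $conn->prepare('SELECT id FROM products WHERE name = ? LIMIT 1');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->store_result();
    $exists = $stmt->num_rows > 0;
    $stmt->close();
    if ($exists) {
        throw new RuntimeException('That product already exists.');
    }

    // One placeholder per value; no variable is interpolated into the SQL text,
    // so quotes in a product name or description cannot change the statement.
    $stmt = $conn->prepare(
        'INSERT INTO products
            (name, short_desc, long_desc, category, price, shipping, qty)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    // Type string in column order: s = string, d = double, i = integer.
    $stmt->bind_param('ssssddi', $name, $shortDesc, $longDesc, $category,
                      $price, $shipping, $qty);
    $stmt->execute();
    $productId = $conn->insert_id;   // auto-increment id of the new row
    $stmt->close();

    // The stored file name is built from the integer id, not from user input.
    if (is_uploaded_file($image['tmp_name'])) {
        $target = __DIR__ . "/../product_images/{$productId}.jpg";
        if (!move_uploaded_file($image['tmp_name'], $target)) {
            throw new RuntimeException('Image upload failed.');
        }
    }
    return $productId;
}
```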