
what am i doing wrong here, anyone?

 

if($_SERVER["REQUEST_METHOD"] == "POST")
            {
            
                $ne_title = $_POST['ne_title'];
                $ne_description = $_POST['ne_description'];
                $ne_keyword = $_POST['ne_keyword'];
                if($_POST['ne_youtube'] ==''){
                $ne_youtube = '';
                }else{
                $ne_youtube = $_POST['ne_youtube'];
                }
                $ne_youtube = $_POST['ne_youtube'];
                $ne_article = $_POST['ne_article'];        

                $date=date("Y/m/d");                
                $url=''.create_slug($ne_title).'.php';

            
            if($_FILES['file']['name']!='')
            {
                $tmp_name = $_FILES["file"]["tmp_name"];
                $namefile = $_FILES["file"]["name"];
                $ext = end(explode(".", $namefile));
                $fileUpload = move_uploaded_file($tmp_name,"../uploads/images/".$image_name);
                $image_name=time().".".$ext;                
                watermark_image($tmp_name,"../uploads/images/".$image_name);
                $img = ''.$image_name.'';
            }else{
                $img = '';
            }

    /*mysql_query("INSERT INTO article
                  (`ne_title`,`ne_keyword`,`ne_description`,`ne_image`,`ne_youtube`,`ne_article`,`ne_url`)
                  VALUES
                  ('$ne_title','$ne_keyword','$ne_description','$img','$ne_youtube','$ne_article','$url')") or exit('<p align="center"><font color="red" size="5">Error:</font> Database not found.</p>');*/
                  
                  
                  
                  $qry1 = "INSERT INTO article
                  (ne_title, ne_keyword, ne_description, ne_image, ne_youtube, ne_article, ne_url)
                  VALUES
                  (:ne_title, :ne_keyword, :ne_description, :ne_image, :ne_youtube, :ne_article, :ne_url)";
                  $stmt = $db->prepare($qry1);
                  $stmt->bindParam(':ne_title', $ne_title);
                  $stmt->bindParam(':ne_keyword', $ne_keyword);
                  $stmt->bindParam(':ne_description', $ne_description);
                  $stmt->bindParam(':ne_image', $img);
                  $stmt->bindParam(':ne_youtube', $ne_youtube);
                  $stmt->bindParam(':ne_article', $ne_article);
                  $stmt->bindParam(':ne_url', $url);
                  $stmt->execute();
                  
                 // $id = mysql_insert_id();
                  // mysql_query("UPDATE article SET ne_url='news-events/".$id."/".$url."' WHERE id ='".$id."'");
                  $id = $db->lastInsertId();        
                  $seturl = "news-events/".$id."/".$url."";
                  $qry2 = "UPDATE article SET ne_url = :ne_url WHERE id = :id";
                  $stm = $db->prepare($qry2);                  
                  $stmt->bindParam(':ne_url', $seturl);      
                  $stmt->bindParam(':id', $id);            
                  $stm->execute();
                 echo ('<meta http-equiv="refresh" content="1;url=post-article.php?id='.$id.'">');    
        }
    }

 

the error i get is

 

 

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: no parameters were bound' in C:\wamp\www\web\post-article.php:139 Stack trace: #0 C:\wamp\www\web\post-article.php(139): PDOStatement->execute() #1 {main} thrown in C:\wamp\www\web\post-article.php on line 139

 

and if i try to upload image in the post i get this

 

 

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'ne_youtube' cannot be null' in C:\wamp\www\web\\post-article.php:129 Stack trace: #0 C:\wamp\www\web\post-article.php(129): PDOStatement->execute() #1 {main} thrown in C:\wamp\www\web\post-article.php on line 129

$stm isn't the same as $stmt. You might want to start using more descriptive names instead of cryptic, generic abbreviations.

got that but what is wrong with my code that nothing is getting inserted? the image gets uploaded but not getting inserted into db


Your code is a mess. You need to slow down and take your time. Make sure you understand what you are doing. For example this:

 

                if($_POST['ne_youtube'] ==''){
                $ne_youtube = '';
                }else{
                $ne_youtube = $_POST['ne_youtube'];
                }

                $ne_youtube = $_POST['ne_youtube'];

 

I was going to say that the if/else was unnecessary since both conditions end up assigning the value of the post variable to $ne_youtube, but then I see you then have a line following the if/else to do just that! The if/else has absolutely no purpose. 

 

 

$url=''.create_slug($ne_title).'.php';

Why the '' at the beginning of the concatenated string?

 

 

                $fileUpload = move_uploaded_file($tmp_name,"../uploads/images/".$image_name);
                $image_name=time().".".$ext;

You define the variable $fileUpload using $image_name as one of the components then, on the next line, you define $image_name. $fileUpload will have an incomplete value since $image_name was not defined prior to using it to define $fileUpload!

 

 

I stopped looking at the code after that.


Your code is a mess. You need to slow down and take your time. Make sure you understand what you are doing. For example this:

                if($_POST['ne_youtube'] ==''){
                $ne_youtube = '';
                }else{
                $ne_youtube = $_POST['ne_youtube'];
                }

                $ne_youtube = $_POST['ne_youtube'];

I was going to say that the if/else was unnecessary since both conditions end up assigning the value of the post variable to $ne_youtube, but then I see you then have a line following the if/else to do just that! The if/else has absolutely no purpose. 

 

thanks for pointing that out bro, my head is in a mess. im newly getting into PDO. i had my site completed but then one of the staff here said about PDO and i got motivated to do everything in PDO rather than mysql functions

$url=''.create_slug($ne_title).'.php';

Why the '' at the beginning of the concatenated string?

 

the '' was there because i had the date in it

                $fileUpload = move_uploaded_file($tmp_name,"../uploads/images/".$image_name);
                $image_name=time().".".$ext;

You define the variable $fileUpload using $image_name as one of the components then, on the next line, you define $image_name. $fileUpload will have an incomplete value since $image_name was not defined prior to using it to define $fileUpload!

 

 

I stopped looking at the code after that.

What exactly is the current problem? Are you getting an error? What does it say?

i get the following error

 

 

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' in C:\wamp\www\web\post-article.php:74 Stack trace: #0 C:\wamp\www\web\post-article.php(74): PDOStatement->execute() #1 {main} thrown in C:\wamp\www\web\hms\post-article.php on line 74

 

while im trying to update records

 

        $qry1 = "UPDATE article SET ne_title = :ne_title, ne_keyword = :ne_keyword, ne_description = :ne_description, ne_image =' :ne_image, ne_youtube = :ne_youtube, ne_article = :ne_article WHERE id ='".$_GET['id']."'";
        $stmt = $db->prepare($qry1);
        $stmt->bindParam(':ne_title', $ne_title);  
        $stmt->bindParam(':ne_keyword', $ne_keyword);  
        $stmt->bindParam(':ne_description', $ne_description);  
        $stmt->bindParam(':ne_image', $img);  
        $stmt->bindParam(':ne_youtube', $ne_youtube);  
        $stmt->bindParam(':ne_article', $ne_article);  
        $stmt->bindParam(':ne_url', $seturl);  
        $stmt->bindParam(':id', $_GET['id']);
        $stmt->execute(); // This is line 74
        
        // mysql_query("UPDATE article SET ne_url='news-events/".$_GET['id']."/".$url."' WHERE id ='".$_GET['id']."'");
        $seturl = "news-events/".$_GET['id']."/".$url."";
        $qry2 = "UPDATE article SET ne_url = :ne_url WHERE id = :id";
        $statement = $db->prepare($qry2);                  
        $statement->bindParam(':ne_url', $seturl);      
        $statement->bindParam(':id', $_GET['id']);            
        $statement->execute();
         echo ('<meta http-equiv="refresh" content="1;url=post-article.php?id='.$_GET['id'].'">');    
    }  

 

also if i try to write anything with a ' single quote i get an error bro

You bound ID but then didn't use it.

i corrected it bro still i get error

 
        $qry1 = "UPDATE article SET ne_title = :ne_title, ne_keyword = :ne_keyword, ne_description = :ne_description, ne_image = :ne_image, ne_youtube = :ne_youtube, ne_article = :ne_article WHERE id = :id";
        $stmt = $db->prepare($qry1);
        $stmt->bindParam(':ne_title', $ne_title);  
        $stmt->bindParam(':ne_keyword', $ne_keyword);  
        $stmt->bindParam(':ne_description', $ne_description);  
        $stmt->bindParam(':ne_image', $img);  
        $stmt->bindParam(':ne_youtube', $ne_youtube);  
        $stmt->bindParam(':ne_article', $ne_article);  
        $stmt->bindParam(':ne_url', $seturl);  
        $stmt->bindParam(':id', $_GET['id']);
        $stmt->execute();
        
        // mysql_query("UPDATE article SET ne_url='news-events/".$_GET['id']."/".$url."' WHERE id ='".$_GET['id']."'");
        $seturl = "news-events/".$_GET['id']."/".$url."";
        $qry2 = "UPDATE article SET ne_url = :ne_url WHERE id = :id";
        $statement = $db->prepare($qry2);                  
        $statement->bindParam(':ne_url', $seturl);      
        $statement->bindParam(':id', $_GET['id']);            
        $statement->execute();

 

the same error

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' in C:\wamp\www\web\post-article.php:74 Stack trace: #0 C:\wamp\www\web\post-article.php(74): PDOStatement->execute() #1 {main} thrown in C:\wamp\www\web\hms\post-article.php on line 74

it seems to have disappeared after usage of bindParam in all insert or update areas, dunno if i did it right or wrong but seems to be doing ok now :) seriously i thank all of you for motivating me to put my head into PDO in one of my topics :) im on it and i will learn it well :)

now i see one other issue that is if in the address bar in url i add a ' like this

 

http://localhost/web/post-article.php?id=62'

 

i get error on page

 

 

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1'

 

does that mean my code is not secure? how would i hide such error from showing?

You need to fix the problem, not hide the error message. Apparently you're still inserting $_GET parameters straight into your query strings.

 

Do what Psycho said: Slow down, take a deep breath, and then carefully analyze your code.

Could you please show me the correct way to do it? I would really appreciate it. As it's new to me I'm having a hard time. With the old mysql way I could have solved it, but with PDO I'm not understanding how to even escape strings.
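
Added example, not part of the original thread and not any poster's code: one way to write the update discussed above so that the id from the URL is validated and bound instead of concatenated, with exactly one bound value per placeholder. The function name update_article, the $slug parameter, the reduced table layout and the in-memory SQLite database are assumptions made so the snippet runs on its own.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL database in the thread;
// the table is a constructed subset of `article`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE article (id INTEGER PRIMARY KEY, ne_title TEXT, ne_url TEXT)");
$db->exec("INSERT INTO article (id, ne_title, ne_url) VALUES (62, 'old title', '')");

/**
 * Update one article. $rawId is the untrusted value that would come from
 * $_GET['id']. Returns true if a row was updated, false if the id was
 * rejected or matched no row. (Hypothetical helper, not from the thread.)
 */
function update_article(PDO $db, $rawId, $title, $slug)
{
    // Validate first: the id must be a positive integer, otherwise stop.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Every value is a placeholder; nothing from the request is concatenated
    // into the SQL text, so quotes in the data need no escaping.
    $stmt = $db->prepare(
        "UPDATE article SET ne_title = :ne_title, ne_url = :ne_url WHERE id = :id"
    );
    // One array entry per placeholder in the query, no more and no fewer.
    $stmt->execute([
        ':ne_title' => $title,
        ':ne_url'   => "news-events/" . $id . "/" . $slug,
        ':id'       => $id,
    ]);
    return $stmt->rowCount() === 1;
}

try {
    // Constructed inputs: a title containing a single quote, then an id with a trailing quote.
    var_dump(update_article($db, "62", "It's a title with a ' quote", "its-a-title.php"));
    var_dump(update_article($db, "62'", "ignored", "ignored.php"));
    var_dump($db->query("SELECT ne_title FROM article WHERE id = 62")->fetchColumn());
} catch (PDOException $e) {
    // Keep the detail in the server log; show the visitor a generic message only.
    error_log($e->getMessage());
    http_response_code(500);
    echo "Something went wrong.";
}
```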
