lovephp Posted March 22, 2016 Share Posted March 22, 2016 what wrong am i doing here anyone? if($_SERVER["REQUEST_METHOD"] == "POST") { $ne_title = $_POST['ne_title']; $ne_description = $_POST['ne_description']; $ne_keyword = $_POST['ne_keyword']; if($_POST['ne_youtube'] ==''){ $ne_youtube = ''; }else{ $ne_youtube = $_POST['ne_youtube']; } $ne_youtube = $_POST['ne_youtube']; $ne_article = $_POST['ne_article']; $date=date("Y/m/d"); $url=''.create_slug($ne_title).'.php'; if($_FILES['file']['name']!='') { $tmp_name = $_FILES["file"]["tmp_name"]; $namefile = $_FILES["file"]["name"]; $ext = end(explode(".", $namefile)); $fileUpload = move_uploaded_file($tmp_name,"../uploads/images/".$image_name); $image_name=time().".".$ext; watermark_image($tmp_name,"../uploads/images/".$image_name); $img = ''.$image_name.''; }else{ $img = ''; } /*mysql_query("INSERT INTO article (`ne_title`,`ne_keyword`,`ne_description`,`ne_image`,`ne_youtube`,`ne_article`,`ne_url`) VALUES ('$ne_title','$ne_keyword','$ne_description','$img','$ne_youtube','$ne_article','$url')") or exit('<p align="center"><font color="red" size="5">Error:</font> Database not found.</p>');*/ $qry1 = "INSERT INTO article (ne_title, ne_keyword, ne_description, ne_image, ne_youtube, ne_article, ne_url) VALUES (:ne_title, :ne_keyword, :ne_description, :ne_image, :ne_youtube, :ne_article, :ne_url)"; $stmt = $db->prepare($qry1); $stmt->bindParam(':ne_title', $ne_title); $stmt->bindParam(':ne_keyword', $ne_keyword); $stmt->bindParam(':ne_description', $ne_description); $stmt->bindParam(':ne_image', $img); $stmt->bindParam(':ne_youtube', $ne_youtube); $stmt->bindParam(':ne_article', $ne_article); $stmt->bindParam(':ne_url', $url); $stmt->execute(); // $id = mysql_insert_id(); // mysql_query("UPDATE article SET ne_url='news-events/".$id."/".$url."' WHERE id ='".$id."'"); $id = $db->lastInsertId(); $seturl = "news-events/".$id."/".$url.""; $qry2 = "UPDATE article SET ne_url = :ne_url WHERE id = :id"; $stm = $db->prepare($qry2); $stmt->bindParam(':ne_url', $seturl); $stmt->bindParam(':id', $id); $stm->execute(); echo ('<meta http-equiv="refresh" content="1;url=post-article.php?id='.$id.'">'); } } the error i get is Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: no parameters were bound' in C:\wamp\www\web\post-article.php:139 Stack trace: #0 C:\wamp\www\web\post-article.php(139): PDOStatement->execute() #1 {main} thrown in C:\wamp\www\web\post-article.php on line 139 and if i try to upload image in the post i get this Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'ne_youtube' cannot be null' in C:\wamp\www\web\\post-article.php:129 Stack trace: #0 C:\wamp\www\web\post-article.php(129): PDOStatement->execute() #1 {main} thrown in C:\wamp\www\web\post-article.php on line 129 Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted March 22, 2016 Share Posted March 22, 2016 $stm isn't the same as $stmt. You might want to start using more descriptive names instead of cryptic, generic abbreviations. Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 (edited) $stm isn't the same as $stmt. You might want to start using more descriptive names instead of cryptic, generic abbreviations. got that but what is wrong with my code that nothing is getting inserted? the image gets uploaded but not getting inserted into db Edited March 22, 2016 by lovephp Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 also if there are ' quotes in any of my fields i get error data don't get submitted Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 (edited) done PDO::PARAM_STR was the cure is that correct? but no it works only in my local not on webhost Edited March 22, 2016 by lovephp Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted March 22, 2016 Share Posted March 22, 2016 What exactly is the current problem? Are you getting an error? What does it say? Quote Link to comment Share on other sites More sharing options...
Psycho Posted March 22, 2016 Share Posted March 22, 2016 Your code is a mess. You need to slow down and take your time. Make sure you understand what you are doing. For example this: if($_POST['ne_youtube'] ==''){ $ne_youtube = ''; }else{ $ne_youtube = $_POST['ne_youtube']; } $ne_youtube = $_POST['ne_youtube']; I was going to say that the if/else was unnecessary since both conditions end up assigning the value of the post variable to $ne_youtube, but then I see you then have a line following the if/else to do just that! The if/else has absolutely no purpose. $url=''.create_slug($ne_title).'.php'; Why the '' at the beginning of the concatenated string? $fileUpload = move_uploaded_file($tmp_name,"../uploads/images/".$image_name); $image_name=time().".".$ext; You define the variable $fileUpload using $image_name as one of the components then, on the next line, you define $image_name. $fileUpload will have an incomplete value since $image_name was not defined prior to using it to define $fileUpload! I stopped looking at the code after that. 2 Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 Your code is a mess. You need to slow down and take your time. Make sure you understand what you are doing. For example this: if($_POST['ne_youtube'] ==''){ $ne_youtube = ''; }else{ $ne_youtube = $_POST['ne_youtube']; } $ne_youtube = $_POST['ne_youtube']; I was going to say that the if/else was unnecessary since both conditions end up assigning the value of the post variable to $ne_youtube, but then I see you then have a line following the if/else to do just that! The if/else has absolutely no purpose. thanks for pointing that out bro head is in a mess im newly getting into PDO i had my site completed but than one of the staff here said about PDO and i got motivated to do everything in PDO than mysql functions $url=''.create_slug($ne_title).'.php'; Why the '' at the beginning of the concatenated string? the '' was there because i had date into it $fileUpload = move_uploaded_file($tmp_name,"../uploads/images/".$image_name); $image_name=time().".".$ext; You define the variable $fileUpload using $image_name as one of the components then, on the next line, you define $image_name. $fileUpload will have an incomplete value since $image_name was not defined prior to using it to define $fileUpload! I stopped looking at the code after that. Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 What exactly is the current problem? Are you getting an error? What does it say? i get the following error Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' in C:\wamp\www\web\post-article.php:74 Stack trace: #0 C:\wamp\www\web\post-article.php(74): PDOStatement->execute() #1 {main} thrown in C:\wamp\www\web\hms\post-article.php on line 74 while im trying to update records $qry1 = "UPDATE article SET ne_title = :ne_title, ne_keyword = :ne_keyword, ne_description = :ne_description, ne_image =' :ne_image, ne_youtube = :ne_youtube, ne_article = :ne_article WHERE id ='".$_GET['id']."'"; $stmt = $db->prepare($qry1); $stmt->bindParam(':ne_title', $ne_title); $stmt->bindParam(':ne_keyword', $ne_keyword); $stmt->bindParam(':ne_description', $ne_description); $stmt->bindParam(':ne_image', $img); $stmt->bindParam(':ne_youtube', $ne_youtube); $stmt->bindParam(':ne_article', $ne_article); $stmt->bindParam(':ne_url', $seturl); $stmt->bindParam(':id', $_GET['id']); $stmt->execute(); This is line 74 // mysql_query("UPDATE article SET ne_url='news-events/".$_GET['id']."/".$url."' WHERE id ='".$_GET['id']."'"); $seturl = "news-events/".$_GET['id']."/".$url.""; $qry2 = "UPDATE article SET ne_url = :ne_url WHERE id = :id"; $statement = $db->prepare($qry2); $statement->bindParam(':ne_url', $seturl); $statement->bindParam(':id', $_GET['id']); $statement->execute(); echo ('<meta http-equiv="refresh" content="1;url=post-article.php?id='.$_GET['id'].'">'); } also if in if i try to write anything with a ' single quite i get error bro Quote Link to comment Share on other sites More sharing options...
benanamen Posted March 22, 2016 Share Posted March 22, 2016 You bound ID but then didn't use it. Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 (edited) You bound ID but then didn't use it. i corrected it bro still i get error $qry1 = "UPDATE article SET ne_title = :ne_title, ne_keyword = :ne_keyword, ne_description = :ne_description, ne_image = :ne_image, ne_youtube = :ne_youtube, ne_article = :ne_article WHERE id = :id"; $stmt = $db->prepare($qry1); $stmt->bindParam(':ne_title', $ne_title); $stmt->bindParam(':ne_keyword', $ne_keyword); $stmt->bindParam(':ne_description', $ne_description); $stmt->bindParam(':ne_image', $img); $stmt->bindParam(':ne_youtube', $ne_youtube); $stmt->bindParam(':ne_article', $ne_article); $stmt->bindParam(':ne_url', $seturl); $stmt->bindParam(':id', $_GET['id']); $stmt->execute(); // mysql_query("UPDATE article SET ne_url='news-events/".$_GET['id']."/".$url."' WHERE id ='".$_GET['id']."'"); $seturl = "news-events/".$_GET['id']."/".$url.""; $qry2 = "UPDATE article SET ne_url = :ne_url WHERE id = :id"; $statement = $db->prepare($qry2); $statement->bindParam(':ne_url', $seturl); $statement->bindParam(':id', $_GET['id']); $statement->execute(); the same error Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' in C:\wamp\www\web\post-article.php:74 Stack trace: #0 C:\wamp\www\web\post-article.php(74): PDOStatement->execute() #1 {main} thrown in C:\wamp\www\web\hms\post-article.php on line 74 Edited March 22, 2016 by lovephp Quote Link to comment Share on other sites More sharing options...
benanamen Posted March 22, 2016 Share Posted March 22, 2016 Your missing url 1 Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 (edited) fixed it had an unnecessary Bind $stmt->bindParam(':ne_url', $seturl); but the single quote issue still remains Edited March 22, 2016 by lovephp Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 Your missing url yes bro figured that out now how to get rid of ' quote issue? whenever i try to add that i get syntax error Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 it seem to have disappeared after usage of bindParam in all insert or update areas, dunno if i did it right or wrong but seems to be doing ok now seriously i thank all of you for motivating me to put my head into PDO in one of my topic im on it and i will learn it well Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 22, 2016 Author Share Posted March 22, 2016 now i see one other issue that is if in the address bar in url i add a ' like this http://localhost/web/post-article.php?id=62' i get error on page Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1' does that mean my code is not secure? how would i hide such error from showing? Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted March 22, 2016 Share Posted March 22, 2016 You need to fix the problem, not hide the error message. Appearently you're still inserting $_GET parameters straight into your query strings. Do what Psycho said: Slow down, take a deep breath, and then carefully analyze your code. Quote Link to comment Share on other sites More sharing options...
lovephp Posted March 23, 2016 Author Share Posted March 23, 2016 You need to fix the problem, not hide the error message. Appearently you're still inserting $_GET parameters straight into your query strings. Do what Psycho said: Slow down, take a deep breath, and then carefully analyze your code. Could you please show me the correct way to do it? would really appreciate it. As its news to me im having hard time with mysql old way i could have solved it but with pdo im not understanding how to even escape strings. Quote Link to comment Share on other sites More sharing options...
ginerjm Posted March 23, 2016 Share Posted March 23, 2016 Just to throw another idea out there since you had a problem with the bindparam calls. Use the execute() method with an array of your parms in place of all those individual bind calls. Much easier to implement IMHO. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.