vet911 Posted August 10, 2016

This is the error I'm getting.

Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'xxx', desc2 ='xx', desc3 ='x' WHERE id = '1'' at line 15' in

This is my code:

```php
require_once('connect.php');
$get_id=$_REQUEST['id'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$phone = $_POST['phone'];
$large = $_POST['large'];
$lsize = $_POST['lsize'];
$lmatl = $_POST['lmatl'];
$medium = $_POST['medium'];
$msize = $_POST['msize'];
$mmatl = $_POST['mmatl'];
$small = $_POST['small'];
$ssize = $_POST['ssize'];
$smatl = $_POST['smatl'];
$desc1 = $_POST['desc1'];
$desc2 = $_POST['desc2'];
$desc3 = $_POST['desc3'];

$sql = "UPDATE register
        SET fname ='$fname',
            lname ='$lname',
            address ='$address',
            city ='$city',
            state ='$state',
            zip ='$zip',
            phone ='$phone',
            large ='$large',
            lsize ='$lsize',
            lmatl ='$lmatl',
            medium ='$medium',
            msize ='$msize',
            mmatl ='$mmatl',
            small ='$small,
            ssize ='$ssize',
            smatl ='$smatl',
            desc1 ='$desc1',
            desc2 ='$desc2',
            desc3 ='$desc3'
        WHERE id = '$get_id' ";
$dbh->exec($sql);
```

If you could give me some direction to figure this out it would be appreciated. Thanks in advance for your time.

Jacques1 Posted August 10, 2016 (Solution)

After 6 years, it's about time you meet Bobby Tables.

And what's the matter with all those variables? Why can you not use $_POST directly?

```php
<?php

// create and execute a prepared statement to prevent SQL injection attacks
$registerStmt = $dbh->prepare('
    UPDATE
        register
    SET
        fname = :fname,
        lname = :lname,
        -- ...
    WHERE
        id = :id
');
$registerStmt->execute([
    'fname' => $_POST['fname'],
    'lname' => $_POST['lname'],
    // ...,
    'id' => $get_id,
]);
```

vet911 Posted August 11, 2016 (Author)

Thanks for the reply, like the Bobby Tables but still lost on how to do it. I'm really lost.

ginerjm Posted August 11, 2016

Why not do some searching and find something to read and learn from? That's how most of us do it. We could probably show you, but what good would that do you? You wouldn't learn how to do it.

Jacques1 Posted August 11, 2016

I've given you the exact code, so how can you be lost now? What's the problem?

vet911 Posted August 11, 2016 (Author)

Ok so this is what I have now.

```php
<?php
try {
    {
        /*** mysql hostname ***/
        $hostname = 'localhost';

        /*** mysql username ***/
        $username = 'xxxx';

        /*** mysql password ***/
        $password = '';

        $dbname = 'dblogin';
        $dhb = null;

        $dbh = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
        $dbh->setAttribute(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY, true );

        /***echo a message saying we have connected***/
        echo "connected";

        $get_id=$_REQUEST['id'];

        $registerStmt = $dbh->prepare('
            UPDATE
                register
            SET
                fname = :fname,
                lname = :lname,
                address = :address,
                city = :city,
                state = :state,
                zip = :zip,
                phone = :phone,
                large = :large,
                lsize = :lsize,
                lmatl = :lmatl,
                medium = :medium,
                msize = :msize,
                mmatl = :mmatl,
                small = :small,
                ssize = :ssize,
                smatl = :smatl,
                desc1 = :$desc1,
                desc2 = :$desc2,
                desc3 = :$desc3
            WHERE
                id = :id
        ');
        $registerStmt->execute([
            'fname' => $_POST['fname'],
            'lname' => $_POST['lname'],
            'address' => $_POST['address'],
            'city' => $_POST['city'],
            'state' => $_POST['state'],
            'zip' => $_POST['zip'],
            'phone' => $_POST['phone'],
            'large' => $_POST['large'],
            'lsize' => $_POST['lsize'],
            'lmatl' => $_POST['lmatl'],
            'medium' => $_POST['medium'],
            'msize' => $_POST['msize'],
            'mmatl' => $_POST['mmatl'],
            'small' => $_POST['small'],
            'ssize' => $_POST['ssize'],
            'smatl' => $_POST['smatl'],
            'desc1' => $_POST['desc1'],
            'desc2' => $_POST['desc2'],
            'desc3' => $_POST['desc3'],
            'id' => $get_id,
        ]);
    }
}
catch(PDOException $e)
{
    echo $e->getMessage();
}
?>
```

And this is the error message.

SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens

I counted all the variables and tokens and I think they match, so am I wrong?

Jacques1 Posted August 11, 2016

The :$desc1, ... parameters are broken. Remove the dollar sign.
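
One way to keep placeholders and bound keys from drifting apart, as happened with `:$desc1` above, is to generate both from a single column allow-list. This is an added example, not code from any poster in the thread; it assumes a trimmed-down `register` table in in-memory SQLite (needs the pdo_sqlite extension), and `REGISTER_COLUMNS`, `buildRegisterUpdate()` and the sample input are hypothetical names and constructed data.

```php
<?php
declare(strict_types=1);

// Assumption: a subset of the thread's columns; extend the list to match the real table.
const REGISTER_COLUMNS = ['fname', 'lname', 'address', 'city', 'desc1'];

/**
 * Build the UPDATE and its parameter array from one allow-list, so each
 * placeholder has exactly one bound key and no user input reaches the SQL text.
 */
function buildRegisterUpdate(array $input, int $id): array
{
    $assignments = [];
    $params = ['id' => $id];
    foreach (REGISTER_COLUMNS as $column) {
        if (!isset($input[$column]) || !is_string($input[$column])) {
            continue; // not submitted (or not a plain string): leave the column alone
        }
        // Double quotes on purpose: $column is interpolated, giving "fname = :fname".
        $assignments[] = "$column = :$column";
        $params[$column] = $input[$column];
    }
    if ($assignments === []) {
        throw new InvalidArgumentException('No updatable fields submitted');
    }
    $sql = 'UPDATE register SET ' . implode(', ', $assignments) . ' WHERE id = :id';
    return [$sql, $params];
}

// Constructed test database and row.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE register (id INTEGER PRIMARY KEY, fname TEXT, lname TEXT,
    address TEXT, city TEXT, desc1 TEXT)');
$dbh->exec("INSERT INTO register (id, fname, lname) VALUES (1, 'Old', 'Name')");

// Constructed stand-in for $_POST: values contain apostrophes, and "role" is
// not on the allow-list, so it never becomes part of the statement.
$post = ['fname' => 'Pat', 'lname' => "O'Brien", 'desc1' => "it's large", 'role' => 'x'];

[$sql, $params] = buildRegisterUpdate($post, 1);
$stmt = $dbh->prepare($sql);
$stmt->execute($params);

echo $sql, PHP_EOL;
print_r($dbh->query('SELECT fname, lname, desc1 FROM register WHERE id = 1')
    ->fetch(PDO::FETCH_ASSOC));
```

Column names come only from the constant list, never from request keys, so the generated SQL text is fixed regardless of what is submitted.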

vet911 Posted August 12, 2016 (Author)

I have to say you are the man. I have looked at that since this morning when I made the post about being lost. I can honestly say I did not see those dollar signs. I appreciate all your help.

Something else has been in my thoughts. I have a sign up page and after you login it brings you to a form which is blank. I want people to be able to change their own stuff. If they did it right they would have to fill out name, address, city, state, phone before they could save that page without filling in the rest of the form. What I'm thinking, is there a way to see if they filled out the partial required form and if so it will load that info and they would be able to fill in the rest or update it at a later time?

Thanks for your help.

Jacques1 Posted August 12, 2016

I'm not sure what you're asking.

Yes, you can make some fields mandatory and some fields optional simply by implementing the validation logic accordingly (an empty required field leads to an error, an empty optional field doesn't). And, yes, you can pre-fill the form with existing values that are stored e.g. in the database.
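
The required/optional validation and form pre-filling described in the answer above could look like the following. This is an added example, not code from the thread; `validateProfile()`, `renderField()`, the optional-field list and all sample values are hypothetical, and the stored row is assumed to have been fetched with a prepared SELECT.

```php
<?php
declare(strict_types=1);

// Required fields as listed in the question; the optional list is a subset of the form.
const REQUIRED_FIELDS = ['fname', 'lname', 'address', 'city', 'state', 'phone'];
const OPTIONAL_FIELDS = ['zip', 'large', 'lsize', 'lmatl', 'desc1'];

/** Returns [cleaned values, errors keyed by field name]. */
function validateProfile(array $input): array
{
    $clean = [];
    $errors = [];
    foreach (array_merge(REQUIRED_FIELDS, OPTIONAL_FIELDS) as $field) {
        $value = $input[$field] ?? '';
        $value = is_string($value) ? trim($value) : '';
        if ($value === '' && in_array($field, REQUIRED_FIELDS, true)) {
            $errors[$field] = 'This field is required.';
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

/** Renders one pre-filled input; stored values are HTML-escaped before output. */
function renderField(string $name, array $values, array $errors = []): string
{
    $value = htmlspecialchars((string) ($values[$name] ?? ''), ENT_QUOTES, 'UTF-8');
    $html = "<label>$name <input name=\"$name\" value=\"$value\"></label>";
    if (isset($errors[$name])) {
        $html .= ' <span class="error">' . $errors[$name] . '</span>';
    }
    return $html . PHP_EOL;
}

// Constructed row, as if fetched earlier with a prepared SELECT ... WHERE id = :id.
$stored = ['fname' => 'Pat', 'lname' => "O'Brien", 'city' => 'Salem', 'desc1' => null];
// First visit: pre-fill from the stored row; missing values render as empty inputs.
foreach (array_merge(REQUIRED_FIELDS, OPTIONAL_FIELDS) as $field) {
    echo renderField($field, $stored);
}

// Constructed stand-in for $_POST: "phone" is blank, optional fields are left empty.
$submitted = ['fname' => 'Pat', 'lname' => "O'Brien", 'address' => '1 Main St',
    'city' => 'Salem', 'state' => 'OR', 'phone' => '  '];
[$clean, $errors] = validateProfile($submitted);
// On errors, redisplay what the user typed; otherwise $clean is ready to save.
foreach (array_keys($clean) as $field) {
    echo renderField($field, $clean, $errors);
}
```

Escaping with `htmlspecialchars()` at output time matters here because the pre-filled values are user-supplied data coming back out of the database.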