kenoli Posted January 3, 2021 Share Posted January 3, 2021 I'm trying to create a script to use PDO prepared statements to enter data from a post form using functions to perform the PDO required statements. But, it's not working. When I execute it, it enters null in all the fields. I'm hoping someone can tell me why this is not working. I think the functions output what PDO is looking for. I'm not sure how to do this otherwise without writing a lot of code like $site_name= $_POST['site_name']; and entering all of that in the PDO statments. It seemed like it made sense to create the statements from the post array. My code is included below and after that is some output I used to monitor what is going on that shows the output of the functions in the script. Am I doing this all wrong. Is another approach that I haven't discovered? Thanks --Kenoli <?php if(isset($_POST['submit'])){ /** Establish DB connection. Not real data, of course. */ $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password); // set the PDO error mode to exception $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); /** Remove empty $_POST elements. */ $insert_array = array_filter($_POST); /** Whitelists input to identify columns to which changes are allowed */ $whitelist = array('site_name' =>'', 'site_address' =>'', 'description' =>'', 'surface' =>'', 'tio_contact' =>'', 'site_contact' =>'', 'contact_phone' =>'', 'contact_email' =>'', 'contact_date' =>'', 'comments' =>''); $insert_array = array_intersect_key($insert_array,$whitelist); /************/ /** Create query from $insert_array. */ foreach($insert_array as $key => $value) { $col .= $key . ', '; $val .= ':' .$key . ', '; } /** Remove ', " from end of each array. */ /* For use with update actions to prevent deleting data from fields that contain data. */ $col = substr_replace($col ,"",-2); $val = substr_replace($val ,"",-2); $sql = "INSERT INTO Sites ($col) VALUES ($val)"; /* The result is: INSERT INTO Sites (site_name, site_address, description, contact_phone) VALUES (:site_name, :site_address, :description, :contact_phone)*/ /************/ /** Prepared statement functions */ $stmt = $conn->prepare($sql); foreach($insert_array as $key => $value) { $param = ':' . $key; $stmt->bindParam($param, $$value); echo '$' . "stmt->bindParam($param, $$key)<br>"; // Monitor output } foreach($insert_array as $key => $value) { $$key = $value; echo "$$key = $value<br>"; // Monitor output } $stmt->execute(); // Execute insert ?> The result with dummy data: $insert_array ( [site_name] => asdfasdf [site_address] => Asdffads [description] => Asdfs [contact_phone] => Asdfsdaf ) Here is the prepared statement: INSERT INTO Sites (site_name, site_address, description, contact_phone) VALUES (:site_name, :site_address, :description, :contact_phone) $stmt->bindParam(:site_name, $site_name) $stmt->bindParam(:site_address, $site_address) $stmt->bindParam(:description, $description) $stmt->bindParam(:contact_phone, $contact_phone) $site_name = asdfasdf $site_address = Asdffads $description = Asdfs $contact_phone = Asdfsdaf Everything looks right but NULLs are inserted in all fields. Quote Link to comment https://forums.phpfreaks.com/topic/311972-trouble-inserting-post-data-into-pdo-prepared-statements/ Share on other sites More sharing options...
Barand Posted January 3, 2021 Share Posted January 3, 2021 All you need is $insert_array = [ 'site_name' => 'asdfasdf', 'site_address' => 'Asdffads', 'description' => 'Asdfs', 'contact_phone' => 'Asdfsdaf' ]; $stmt = $conn->prepare("INSERT INTO Sites (site_name, site_address, description, contact_phone) VALUES (:site_name, :site_address, :description, :contact_phone) "); $stmt->execute($insert_array); Quote Link to comment https://forums.phpfreaks.com/topic/311972-trouble-inserting-post-data-into-pdo-prepared-statements/#findComment-1583646 Share on other sites More sharing options...
kenoli Posted January 4, 2021 Author Share Posted January 4, 2021 Barand -- Many thanks. That did it. I just had to change my last function. I should have known that. I was barking up another tree. --Kenoli Quote Link to comment https://forums.phpfreaks.com/topic/311972-trouble-inserting-post-data-into-pdo-prepared-statements/#findComment-1583649 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.