Data trail ends before it gets to database

[TechnoDiver]

I've been trying to write some code that takes user supplied information, sends it to a database (phpmyadmin) and also displays it elsewhere in the app. I'm to the point I'm trying to get it to the database right now. The issue is that it's not making it to the DB and is being lost somewhere. There's no warnings, no errors, nothing being returned anywhere to help resolve the problem, except in the browsers dev tools and that is different whether it's chrome or FF. It's also something that I have trouble seeing being responsible for the loss of data.

In Chrome it comes back as -> Page layout may be unexpected due to Quirks Mode

In FF as -> Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content.

But, like I said, I can't see how this is to blame for the data not making it to the DB and I see no difference in the layout or style anyways.

At the top of add_post.php is the following:

<?php
require("assets/initializations.php");

if(isset($_POST['add_post']) && !empty($_FILES['post_image'])) {
    $filename = $_FILES['post_image']['name'];
    $file_tmp_name = $_FILES['post_image']['tmp_name'];
    $filesize = $_FILES['post_image']['size'];

    $file_ext = explode('.', $filename);
    $file_act_ext = strtolower(end($file_ext));
    $allowed = array('jpeg', 'jpg', 'png', 'gif');

    if(!in_array($file_act_ext, $allowed)) {
        echo "<script>alert('File Type Not Allowed');</script>";
        //not sure how well this size check is working, have to experiment more
        //also need to research how to do an initial image check
    } elseif($filesize > 10000000) {
        echo "<script>alert('Image Is Too Large');</script>";

    } else {
        $file_new_name = uniqid('', true) . "." . $file_act_ext;
        $dir = "/opt/lampp/htdocs/qcic/usernet/img/";
        $target_file = $dir . basename($file_new_name);
        
        move_uploaded_file($file_tmp_name, $target_file);
        
        $post_obj->addNews(
            $_POST['title'], $_POST['content'], $_POST['category'], 
            $_POST['status'], $_POST['post_type'], $_POST['tags'], $target_file
        );

        echo "<script>alert('Your Post Has Been Added');</script>";

        mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);
    }
}

?>
<?php require('includes/header.php'); ?>

Most of it is handling the image. The Post and User objects are instantiated in initializations.php at the top. The image uploads fine, everything works except the post object. The class for that is ->

<?php 
    class Post {
        private $conn;
        private $user_obj;

        public function __construct($conn, $user) {
            $this->conn = $conn;
            $this->user_obj = new User($conn, $user);

        }

        public function addNews($title, $content, $category, $status, $type, $tags, $image) {
            if(!empty($title) && !empty($content)) {
                $title = strtoupper($title);
                $title = mysqli_real_escape_string($this->conn, $title);

                $content = nl2br($content);
                $content = mysqli_real_escape_string($this->conn, $content);

                $added_by = $this->user_obj->getUsername();

                $query = mysqli_query($this->conn, "SELECT top_cat_id FROM top_categories WHERE top_cat_title='$category'");
                $row = mysqli_fetch_array($query);
                $cat_id = $row['top_cat_id'];

                $statement = $this->conn->prepare("INSERT INTO news VALUES ('', '$title', '$content', '$added_by', '$category', '$cat_id', '$image', '$tags', '$status', '$type', '?', '?', '?', '?');");
                if($statement) {
                    $statement->execute();
                } else {
                    echo "You messed up somewhere";
                }
            }
        }
    }

?>

I'm not the best or most experienced coder, for sure, but in the few months I've been learning PHP I've written a few DB queries now and this looks right to me. The first attempt didn't have prepared statements but that wasn't getting the data to the DB either. I've checked that the number of fields being sent match the number of fields in the DB, been tinkering with a few small things since yesterday on it, nothing works and as I said, no error or warning is coming back to work from, no message at all to work from. The only thing it triggers is those 2 console messages I mentioned above and the image does get to its new location. It's to the point now I'm just blank-mindedly staring at code. I'm not even getting back the else echo "You messed up somewhere" error from the final if statement, just the javascript alert that it was sent correctly, which it wasn't.

I can really use some guidance on this one, thank you

[Barand]

Put this line of code just before your mysqi_connect() line.

mysqli_report(MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT);

So long as you have error display turned on, that will tell you if any mysql errors occured

[TechnoDiver]

Yea, that got me an error that time. I saved that line of code when you taught it to me a month or so ago and was using it but I guess in the wrong place. That got me an error when I moved it. I decided I'd just make it a full prepared statement first and then fix it after that. I'm trying to work out this new error ->

Quote

Fatal error: Uncaught Error: mysqli_stmt::bind_param(): Argument #11 cannot be passed by reference in /opt/lampp/htdocs/site/assets/class/Post.php:31 Stack trace: #0 /opt/lampp/htdocs/site/admin/add_post.php(30)

Is this error referring to the 11th argument in the prepared statement? I'm not sure what it's saying.

It might sound silly but if that's what it means it's really weird because the 10th, 11th and 12th parameters are all integers set to zero right now, but it's only referencing the 11th

[mac_gyver]

you would need to post your current code to get any help with it. the previously posted code doesn't even have a bind_param() statement in it. best guess, you are trying to supply a literal value, rather than a variable as a parameter. this is yet another reason to switch to the much simpler, more consistent, and better designed PDO extension. you can supply an array of values to the ->execute([...]) call that can be anything - variables, function calls, literal values, math expressions, ...

[TechnoDiver]

12 hours ago, mac_gyver said:

you would need to post your current code to get any help with it. the previously posted code doesn't even have a bind_param() statement in it. best guess, you are trying to supply a literal value, rather than a variable as a parameter. this is yet another reason to switch to the much simpler, more consistent, and better designed PDO extension. you can supply an array of values to the ->execute([...]) call that can be anything - variables, function calls, literal values, math expressions, ...

Yea, you're right, I was thinking it may have been explainable without the code

here is the amended addNews method ->

public function addNews($title, $content, $category, $status, $type, $tags, $image) {
            if(!empty($title) && !empty($content)) {
                $title = strtoupper($title);
                $title = mysqli_real_escape_string($this->conn, $title);

                $content = nl2br($content);
                $content = mysqli_real_escape_string($this->conn, $content);

                $added_by = $this->user_obj->getUsername();

                $query = mysqli_query($this->conn, "SELECT top_cat_id FROM top_categories WHERE top_cat_title='$category'");
                $row = mysqli_fetch_array($query);
                $cat_id = $row['top_cat_id'];
                $date_added = "todays date";

                $statement = $this->conn->prepare("INSERT INTO news (
                    title, content, add_by, post_category, post_cat_id, post_image, tags, status, type, num_likes, num_comments, num_views, date_added
                    ) VALUES ('?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?', '?');");

                $statement->bind_param('ssssissssiiis', $title, $content, $added_by, $category, $cat_id, $image, $tags, $status, $type, '0', '0', '0', $date_added);
                
                if($statement) {
                    $statement->execute();
                } else {
                    echo "You messed up somewhere";
                }

 

[Barand]

 

Do not put quotes around placeholders. You do not want them treated as string literals

[mac_gyver]

a. the ? place-holders do not get surrounded by quotes in the sql statement. the single-quotes around them will result in literal ? characters being used as the values.

b. as suspected, you cannot supply literal values in a bind_param() statement. you must either put literal values into the sql statement, put them into variables that would then be used in the bind_param() statement, or switch to the much better PDO extension. edit: or set them as the default values in your db table definition, and leave those columns out of the sql query.

Edited July 31, 2021 by mac_gyver

[TechnoDiver]

Ok, Thanks again folks here. I knew I shouldn't have had the ? in '' but for some reason I did it anyways. What I didn't know was that I couldn't pass those 0 integers in the bind_param as literals and they needed to be passed as variables.

Thanks for the help, I've learned a lot from you folks here