PDO form not saving data to database

[EarthDay]

Hi Everyone,

I have modified a working form that works fine on my system but the changes that I have made are not working on the new form.

I have error and PDO error reporting switched on and it's not giving me any error messages. 

I have checked and triple checked everything and matches the database fine.

I am scratching my head now and can't see the issue.

Many thanks,

ED.

<?php
include '../../main.php';
check_loggedin($pdo);
$msg    =   null;
$date = new DateTime();
$totay_date = $date->format('Y-m-d\TH:i:s');
if (isset($_GET['id'])) {
    $stmt = $pdo->prepare('SELECT * FROM contacts WHERE id = ?');
    $stmt->execute([$_GET['id']]);
    $contact = $stmt->fetch(PDO::FETCH_ASSOC);

$stmt = $pdo->prepare('SELECT id,username FROM accounts');
$stmt->execute();
$all_account_info = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if(isset($_POST['learning_actual_end_date']) == null || isset($_POST['partcipant_complete_course']) == null || isset($_POST['withdrawal_reason']) == null || isset($_POST['participant_intended_learning']) == null || isset($_POST['pcp_education']) == null || isset($_POST['coursestart_date']) == null || isset($_POST['education_provider_name']) == null || isset($_POST['course_title']) == null || isset($_POST['course_level']) == null || isset($_POST['planned_glh']) == null || isset($_POST['in_paid_employment']) == null || isset($_POST['in_paid_employment_start_date']) == null || isset($_POST['in_paid_employer_name_address']) == null || isset($_POST['in_paid_job_title']) == null || isset($_POST['in_paid_contracted_hour']) == null || isset($_POST['not_in_paid_employment']) == null || isset($_POST['pcp_gap_year']) == null || isset($_POST['pcp_others']) == null || isset($_POST['pcp_voluntary_work']) == null || isset($_POST['destination_progression_date']) == null || isset($_POST['destination_progression_collecton_date']) == null || isset($_POST['project_officer_name']) == null || isset($_POST['project_officer_date']) == null || isset($_POST['project_officer_date']) == null || isset($_POST['participant__name']) == null || isset($_POST['participant__signature']) == null || isset($_POST['participant__date']) == null || isset($_POST['final_assessment_progress_you_made']) == null || isset($_POST['final_assessment_progress_your_goal']) == null || isset($_POST['final_assessment_progress_your_reach_goal']) == null || isset($_POST['final_assessment_progress_overall']) == null || isset($_POST['final_assessment_participat_name']) == null || isset($_POST['final_assessment_participat_signature']) == null || isset($_POST['final_assessment_participat_date']) == null || isset($_POST['final_assessment_project_worker_name']) == null || isset($_POST['final_assessment_project_worker_signature']) == null || isset($_POST['final_assessment_project_worker_date']) == null){
        $msg    =   '';
    }else{
        $id = isset($_POST['id']) && !empty($_POST['id']) && $_POST['id'] != 'auto' ? $_POST['id'] : auto;
        $stmt = $pdo->prepare('INSERT INTO esf_completed VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
        $result = $stmt->execute([$id, $_GET['id'], $_POST['learning_actual_end_date'], $_POST['partcipant_complete_course'], $_POST['withdrawal_reason'], $_POST['participant_intended_learning'], $_POST['pcp_education'], $_POST['coursestart_date'], $_POST['education_provider_name'], $_POST['course_title'], $_POST['course_level'], $_POST['planned_glh'], $_POST['in_paid_employment'], $_POST['in_paid_employment_start_date'], $_POST['in_paid_employer_name_address'], $_POST['in_paid_job_title'], $_POST['in_paid_contracted_hour'], $_POST['not_in_paid_employment'], $_POST['pcp_gap_year'], $_POST['pcp_others'], $_POST['pcp_voluntary_work'], $_POST['destination_progression_date'], $_POST['destination_progression_collection_date'], $_POST['project_officer_name'], $_POST['project_officer_signature'], $_POST['project_officer_date'], $_POST['participant__name'], $_POST['participant__signature'], $_POST['participant__date'], $_POST['final_assessment_progress_you_made'], $_POST['final_assessment_progress_your_goal'], $_POST['final_asessment_progress_your_reach_goal'], $_POST['final_assessment_progress_overall'], $_POST['final_assessment_participat_name'], $_POST['final_assessment_participat_signature'], $_POST['final_assessment_participat_date'], $_POST['final_assessment_project_worker_name'], $_POST['final_assessment_project_worker_signature'], $_POST['final_assessment_project_worker_date']]);
        $msg    =   "New Soft Skills Entry Added";

    }

    if (!$contact) {
        exit('No contact with that ID!');
    }
} else {
    exit('No ID specified!');
}

?>

 

[Psycho]

What results ARE you getting? Are you getting a blank page or any output?

 

EDIT: Looking at the logic flow there is an if() condition with a LONG list of conditions which will result in "$msg    =   '';" if the result is true. I am guessing that the condition is always true resulting in the message variable getting defined as an empty string. I also don't see that $msg is ever getting output regardless of what it is defined. Change the value for $msg on that one line to something and add a line at the end of the code to echo $msg to the page. Then you can see if it is hitting that branch of code, or the other branch where it is defined as "New Soft Skills Entry Added". IN any event that LONG list of conditions in the if() statement seem overly complicated.

[mac_gyver]

have you determined that the code where the query is at is even being executed, by echoing something at that point?

you likely have a typo, but because of all the isset() statements, you are hiding any error messages that that php would give you. except for unchecked checkbox/radio fields, all form fields will be set once the form has been submitted. the only time you should have isset() statements in your form processing code are for checkbox/radio fields. instead of the huge line of isset() statements, just detect if a post method form has been submitted. likewise, all that logic for the $id variable is (probably) pointless.

you should also trim all the input data before validating it. you should validate all the data before using it, storing validation errors in an array using the field name as the array index. you should ALWASY list out the columns in the INSERT query.  you should get your code to work for one user input form field, then worry about all the code needed for the rest of the fields. if you have more than about 2-3 form fields, you should use a data-driven design, where you have the expected fields defined in an array, along with any validation rules, and any processing rules (is a field used in the insert query, the set part of an update query, the where part of an update query, the where part of a delete query), then loop over this defining array and use simple general-purpose logic to operate on each field, rather than to  spend your time writing out repeated code for 38 different fields.

[Psycho]

OK, after looking at the code more closely, you need better validation logic than just checking all fields have "a" value. You should validate each field individually to make sure it has a value (if required) AND that the value is a valid value. E.g. a date should be a date, a number should be a number, etc. If only a few fields I would write the validation logic in-line. But, for this many fields, I would write separate functions for the validations based on the type of expected inputs. Those functions can be built to include parameters for such things as minimum/maximum inputs, required or not, etc.

[Psycho]

Here is some very rough code on one way to approach validation logic. As I said before, with all the fields you need to validate, I would create functions or a class to do this. But, this will give you something to build on. Ideally, you would present the original input form and repopulate the valid values so the user doesn't have to re-enter everything again. You can show the errors at the top of the page or show them in-line with the input fields (or both).

//Create an array to hold errors
$errors = array();

//Get the learnign end date value
$learning_actual_end_dateVal = isset($_POST['learning_actual_end_date']) ? trim($_POST['learning_actual_end_date']) : '';
//Check that not empty (i.e. required)
if(empty($learning_actual_end_dateVal)) { $errors[] = "The learning end date is required"; }
elseif (!strtotime($learning_actual_end_dateVal))  { $errors[] = "The learning end date must be a valid date value"; }

//Get the participant complete course value
$partcipant_complete_courseVal = isset($_POST['partcipant_complete_course']) ? trim($_POST['partcipant_complete_course']) : '';
if(empty($learning_actual_end_dateVal)) { $errors[] = "Participant complete course is required"; }

// - - - Repease necessary validations for each field

//Check if there were any validation errors
if(count($errors))
{
    //There were validation errors
    $msg = "The following validation errors occured:<ol>";
    foreach($errors as $error)
    {
        $msg .= "<li>{$error}</li>";
    }
    $msg .= "</ol>";
}
else
{
    //There were no input validation errors
    // . . . attempt to process the data
    if(process_was_successful)
    {
        $msg = "The data was saved successfully";
    }
    else
    {
        $msg = "There was a problem saving the data";
    }   
}
    
echo $msg;

 

[ginerjm]

Whyy are you using both GET and POST items?

[EarthDay]

On 8/9/2022 at 6:13 PM, ginerjm said:

Whyy are you using both GET and POST items?

The GET is to get fetch the information from the database and the POST is to store the information.

[EarthDay]

Many thanks for your help guys, I worked out that the code was very buggy and used another code from the internet which worked perfectly.

Many thanks again

Physco - thanks for info about validation, I have used the principles in my new code.