collecting data from html template for php script

yes, it worked just fine. thank you. moving forward

when i add the code that follows i get a server error message:

[php]

// define variables and set to empty values
$item = $temple = $quantity = $price = $promotional = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $item = new_orders($_POST["item"]);
    $temple = new_orders($_POST["temple"]);
    $quantity = new_orders($_POST["quantity"]);
    $price = new_orders($_POST["price"]);
}

function ordertest01($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$item = htmlspecialchars($_POST['Item']);
$temple = htmlspecialchars($_POST['Temple']);
$quantity = htmlspecialchars($_POST['Quantity']);
$price = htmlspecialchars($_POST['Price']);

$stmt->bindParam(':item', $item);
$stmt->bindParam(':temple', $temple);
$stmt->bindParam(':quantity', $quantity);
$stmt->bindParam(':price', $price);

$result = $dbh->exec("INSERT INTO new_orders(Item, Temple, Quantity, Price, Promotional) VALUES (':item', ':temple', ':quantity', ':price'");

header( "Location: http://www…com/…html" )

/*** close the database connection ***/
$dbh = null;

[/php]

i will look into the apps that were suggested by Pretty Homepages, thanks.

Slade, those were not apps. They were IDEs. An IDE is a programming editor. They allow you to see your
code in an easier manner and give you hints to errors so you can fix them before running your test runs. Each
programmer has their own favorites. If I remember correctly, very early on in your posts Dreamweaver was one
that was mentioned. That is more of a web-page designer, but is used sort of like an IDE. The ones that were
mentioned by Pretty are well-known standard IDEs. There are hundreds of them. Simple ones like the free
Notepad++ work well for quick fixes, but the ones Pretty listed are full-fledged IDEs. When you get time, look
into them and pick one. You can find them quickly through Google…

i have chosen netbeans. it’s a clean looking interface. i know that the balance of my script is not perfect but i got only caution warnings from netbeans, the only red flag i get reads that the $dbh = null; was unexpected and if i understand correctly, outside of the closing parenthesis. but it doesn’t show me why once i put script in the body tag it reverts to a blank page in firefox and an error 500 server error message.

this is the script:
[php]

<?php
// define variables and set to empty values
$item = $temple = $quantity = $price = $promotional = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $item = ordertest01($_POST["item"]);
    $temple = ordertest01($_POST["temple"]);
    $quantity = ordertest01($_POST["quantity"]);
    $price = ordertest01($_POST["price"]);
    $promotional = ordertest01($_POST["promotional"]);
}

function ordertest01($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$item = htmlspecialchars($_POST['Item']);
$temple = htmlspecialchars($_POST['Temple']);
$quantity = htmlspecialchars($_POST['Quantity']);
$price = htmlspecialchars($_POST['Price']);
$promotional = htmlspecialchars( $_POST['Promotional']);

$stmt->bindParam(':item', $item);
$stmt->bindParam(':temple', $temple);
$stmt->bindParam(':quantity', $quantity);
$stmt->bindParam(':price', $price);
$stmt->bindParam(':promotional', $promotional);

$result = $dbh->exec("INSERT INTO order0001(Item, Temple, Quantity, Price, Promotional) VALUES (':item', ':temple', ':quantity', ':price', ':promotional'");

header( "Location: http://www..com/.....html" )

/*** close the database connection ***/
$dbh = null;

?>
[/php]

any ideas, guys?

oops and i get this warning which is not an error:

“Do not Access Superglobal $_POST Array Directly.
Use some filtering functions instead (e.g. filter_input(), conditions with is_*() functions, etc.).”

this occurs after every $_POST

can anyone tell me what’s wrong with this line?

[php] $stmt = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price)
[/php]

my error message reads,
“Connected to database
Notice: Undefined variable: conn in prac0.php on line 46.
Fatal error: Call to a member function prepare() on a non-object in prac0.php on line 46.”

any advice? i’m still learning.

Well, no ending double-quote and no ending “)”…
$stmt = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price)
Should be…
$stmt = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price)");
But, you also are missing the VALUES section where you mark what is going into those fields.
Loosely like this:
$stmt = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price) VALUES(?,?,?,?)");

Here is a link that explains “Prepared” statements. Hope it helps…
http://www.w3schools.com/php/php_mysql_prepared_statements.asp

buggin’.

which of these is the one i should use to collect and pass data?

[php]

// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price) VALUES(?,?,?,?)");
$stmt->bindParam(':item', $item);
$stmt->bindParam(':temple', $temple);
$stmt->bindParam(':quantity', $quantity);
$stmt->bindParam(':price', $price);

$query = "INSERT INTO new_order (item, temple, quantity, price)
VALUES (:item, :temple, :quantity, :price)";
$stmt = $pdo->prepare($query);
$stmt->bindParam(':item', $_POST['item']);
$stmt->bindParam(':temple', $_POST['temple']);
$stmt->bindParam(':quantity', $_POST['quantity']);
$stmt->bindParam(':price', $_POST['price']);
$stmt->execute();

[/php]

thanks.

I prefer the positional placeholders (?,?). Less prone to typos and less typing. Either will work, although the positional placeholders need to be in order. My thought on that is, we are programmers, everything we do is in order. I know of no reason why you would want to enter columns randomly except for being lazy.

Slade, I agree with Kevin, but, my answer is NEITHER! You have them set up mixed coded…
You would need to handle it more like this:

[php]
// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price) VALUES(?,?,?,?)");
$stmt->bind_param("ssss", $item, $temple, $quantity, $price);
$stmt->execute();
[/php]
The “ssss” means that four strings follow. Much easier to read this way, too… Hope this helps!

there is lots of information about the error message, "Connected to database

Notice: Undefined variable: conn in /home/ewff/public_html/prac0.php on line 57

Fatal error: Call to a member function prepare() on a non-object in /home/ewff/public_html/prac0.php on line 57".

but i can’t get a line on how to work it. it seems like i was supposed to have defined the variable somewhere previous to now.
[php]
// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price) VALUES(?,?,?,?)"); //line 57//
$stmt->bind_param("ssss", $item, $temple, $quantity, $price);
$stmt->execute();
[/php]

then i will
[php]
$host = $_SERVER['HTTP_HOST'];
$uri = $_SERVER['REQUEST_URI'];
header("Location: http://$host$uri");
die;
[/php]

and check to see if i’m passing data.

Back up a couple notes! You defined your connection as $con NOT $conn… Therefore, $conn does not
exist once you get to create a query… You need to either change your connection to use $conn or replace
all of the $conn-> to use the $con-> as you defined…

please forgive my lack of understanding. i don’t know where in the script “con” is defined. all i see is “conn” where we prepared sql. nowhere in the script is “con”:

[php]<?php

if ($_SERVER["REQUEST_METHOD"] == "POST")

$errors = array();

if(empty($errors))

// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price) VALUES(?,?,?,?)");
$stmt->bind_param("ssss", $item, $temple, $quantity, $price);
$stmt->execute();

/*** close the database connection ***/
$dbh = null;

?>

[/php]
where is the connection defined as “$con”?

Post #103:
[php] try {
$dbh = new PDO("mysql:host=$hostname;dbname=order0001", $username, $password);
[/php]

Today’s version:
[php]$stmt = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price) VALUES(?,?,?,?)");
[/php]

Now, where did you get $conn from when your PDO connection is dbh?

Slade, in case you did not understand our last posts…

You create a new PDO connection. In one post, you used $con = new PDO(…); and in another you used
$dbh = new PDO(…); And, in one of ours, it was $conn = new PDO(…) !

Then, in one of your prepared statement commands, you used $con->prepare and in another $conn->prepare
to set up the query. The $con and $conn is the name of the connection string you set up in the new PDO()
line. They must be the same for all…

So, check them out and set the connection name to the same in all your code. Then, let us know what you
do get back after that. Hope this helps you understand the issues…

please give me just a moment to understand. what i have been doing is going to different resources on the web to really familiarize myself with the code. different sources have different ways of accomplishing the same task. so i’ve been taking what i’ve believed to be the right scriptlet or function and put it in there and see why or why not it doesn’t work. for instance, before this forum’s assistance i didn’t know that

[php] $item = "";
$temple = "";
$quantity = "";
$price = "";[/php]
is the same as
[php] $item = $temple = $quantity = $price = $promotional = ""; [/php]
is the same as
[php] $item = ordertest01($_POST["item"]);
$temple = ordertest01($_POST["temple"]);
$quantity = ordertest01($_POST["quantity"]);
$price = ordertest01($_POST["price"]);[/php]

they accomplish the same task in different ways. as i said before i study from tutorials and various websites. one has a way of working a process while another works the same process in a different way accomplishing the same results. me being green i put all the code that appears applicable based on the task and work it from there. also learning in the process. it’s not that i’m not paying attention, i’m just learning that the strings don’t work together, though they both achieve the same means…and how to work prepared statements. I’ll get it right.

is this closer to correct:
[php]$dbh = $conn->prepare("INSERT INTO new_order (item, temple, quantity, price) VALUES(?,?,?,?)");
$dbh->bind_param("ssss", $item, $temple, $quantity, $price);
$dbh->execute();[/php]
thanks for bringing me this far.

Now, where did you get this from? If you are using PDO, this is not correct. Stop copying and pasting code and seeing what happens.

Well, Slade, yes, that should work, but, the problem you mentioned was the $conn part.

In your config.php file, I do not remember the name of the file, you used $con = new PDO() NOT $conn.
Fix that and you are done!

Other than the code is wrong.

Well, tell him what is wrong. Stating it is wrong doesn’t help…

You mean like this post?

slade, at this point I am wondering if you are just copying and pasting code hoping something works. That is rarely how it works. 138 replies is excessive for a single topic that is not a discussion.

DO NOT JUST COPY AND PASTE THIS

PDO:
[php]
$sql =<<<SQL
SELECT created FROM accounts WHERE userId = :id
SQL;

$pdo = new PDO("mysql:host=localhost;dbname=database", 'username', 'password');
$stmt = $pdo->prepare( $sql );
$stmt->execute( array( ':id' => $var ) );[/php]

MySQLi:
[php]
$sql =<<<SQL
SELECT created FROM accounts WHERE userId = ?
SQL;

$mysqli = new mysqli('localhost', 'user', 'pass', 'database');
$stmt = $mysqli->prepare( $sql );
$stmt->bind_param(‘i’, $name);
$stmt->execute();[/php]
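
The two issues this thread keeps circling, quoted placeholders and mixing PDO with MySQLi calls, shown side by side as an added example (not code from any poster in the thread). It assumes the pdo_sqlite extension is available; in-memory SQLite stands in for the MySQL database, `$post` is a constructed stand-in for `$_POST`, and `validate_order()` is a hypothetical helper.

```php
<?php
// Added example: constructed data; in-memory SQLite stands in for MySQL (assumption).
$pdo = new PDO('sqlite::memory:');   // one connection variable, used under the same name everywhere
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE new_order (item TEXT, temple TEXT, quantity INTEGER, price REAL)');

// Constructed stand-in for $_POST, with a quote and markup in one value.
$post = ['item' => "St. Mary's <b>candle</b>", 'temple' => 'North', 'quantity' => '3', 'price' => '4.50'];

// Hypothetical helper: validate types on the way in and reject bad input
// instead of rewriting it with stripslashes()/htmlspecialchars().
function validate_order(array $in): array
{
    $quantity = filter_var($in['quantity'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $price    = filter_var($in['price'] ?? null, FILTER_VALIDATE_FLOAT);
    $item     = trim((string)($in['item'] ?? ''));
    $temple   = trim((string)($in['temple'] ?? ''));
    if ($quantity === false || $price === false || $item === '' || $temple === '') {
        throw new InvalidArgumentException('invalid order data');
    }
    return [':item' => $item, ':temple' => $temple, ':quantity' => $quantity, ':price' => $price];
}

// PDO style: named placeholders are NOT quoted, and the values go to execute().
// bind_param("ssss", ...) belongs to MySQLi statements and does not exist on PDOStatement.
$stmt = $pdo->prepare(
    'INSERT INTO new_order (item, temple, quantity, price) VALUES (:item, :temple, :quantity, :price)'
);
$stmt->execute(validate_order($post));

// Quoted placeholders are plain string literals: this row stores the text ":item", not the data.
$pdo->exec("INSERT INTO new_order (item, temple, quantity, price) VALUES (':item', ':temple', ':quantity', ':price')");

foreach ($pdo->query('SELECT item, quantity FROM new_order') as $row) {
    // Escape for HTML when printing, not before storing.
    echo htmlspecialchars($row['item'], ENT_QUOTES, 'UTF-8'), ' x ', $row['quantity'], PHP_EOL;
}
```

The apostrophe in the first item is stored intact because the value travels as a bound parameter and never becomes part of the SQL text.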
