php - Prepared statement not populating DB -
i'm trying make first prepared statement work, far i'm unsuccesful. hope you're able me out. have index.html simple form parses it's data insert.php. however, data not being written db. here's i've got:
insert.php
if (isset($_post['submit'])) { $mysqli = new mysqli("hosts","user","pass","db"); /* check connection */ if (mysqli_connect_errno()) { printf("connect failed: %s\n", mysqli_connect_error()); exit(); } $stmt = $mysqli->prepare("insert mail_platform (first_name, last_name, email, preference_exchange, preference_news) values (?, ?, ?, ?, ?)"); $stmt->bind_param('sssii', $first_name, $last_name, $email, $preference_exchange, $preference_news); $first_name = isset($_post['first_name']) ? $mysqli->real_escape_string($_post['first_name']) : ''; $last_name = isset($_post['last_name']) ? $mysqli->real_escape_string($_post['last_name']) : ''; $email = isset($_post['email']) ? $mysqli->real_escape_string($_post['email']) : ''; $preference_exchange = isset($_post['preference_exchange']) ? $mysqli->real_escape_string($_post['preference_exchange']) : ''; $preference_news = isset($_post['preference_news']) ? $mysqli->real_escape_string($_post['preference_news']) : ''; $stmt->execute(); $stmt->close(); } echo "thank signing up!"; ?> index.html
<form method="post" action="insert.php"> first name: <input type="text" name="first_name"><br> last name: <input type="text" name="last_name"><br> e-mail: <input type="text" name="email"><br> please choose kind of e-mails receive:<br> news exchange: <input type="checkbox" name="preference_exchange" value="true"> <br> generel news: <input type="checkbox" name="preference_news" value="true"><br> <input type="submit" value="subscribe"> </form> and here's mysql:
create table `mail_platform` ( `id` int(20) unsigned not null auto_increment, `first_name` varchar(60) character set utf8 not null, `last_name` varchar(60) character set utf8 not null, `email` varchar(100) character set utf8 not null, `registration_time` timestamp not null default current_timestamp, `preference_exchange` tinyint(1) not null default '0', `preference_news` tinyint(1) not null default '0', primary key (`id`) ) thanks in advance!
first, break of habit of using mysqli_real_escape_string(). best part of using query parameters it's not necessary escaping. in fact, should not, because you'll end literal backslash characters in strings stored in database.
second, should always check return status of prepare() , execute(). if error occur in parsing or execution, these functions return false. check , if has happened, should @ error returned.
the reason it's important check errors if statement fails, won't know or reason why unless examine error.
also if use php 5.3, can use ?: shortcut make code little more brief.
$stmt = $mysqli->prepare("insert mail_platform (first_name, last_name, email, preference_exchange, preference_news) values (?, ?, ?, ?, ?)"); if ($stmt === false) { trigger_error($mysqli->error, e_user_error); } $stmt->bind_param('sssii', $first_name, $last_name, $email, $preference_exchange, $preference_news); $first_name = $_post['first_name'] ?: ''; $last_name = $_post['last_name'] ?: ''; $email = $_post['email'] ?: ''; $preference_exchange = $_post['preference_exchange'] ?: ''; $preference_news = $_post['preference_news'] ?: ''; if ($stmt->execute() === false) { trigger_error($stmt->error, e_user_error); } notice error on prepare() returns message in $mysqli->error, error on execute() returns message in $stmt->error;
re comment:
i tested myself php 5.3.15 , mysql 5.6.12. worked perfectly. i'm not sure suggest reason fails in case. saying doesn't return error, row never shows in table?
if added line $stmt->execute() without adding error handling that, you're problem of not knowing whether succeeded. in other words, sounds did following:
$stmt->execute(); // without checking if had error if ($stmt->execute() === false) { // execute second time trigger_error($stmt->error, e_user_error); } you don't need execute twice. showed calling execute() part of if statement, pretty common style of coding when want check return value without storing return value in variable. still performs execute.
Comments
Post a Comment