gcc: Submit post echo but does not write information in database

lundi 30 mars 2015

Submit post echo but does not write information in database

I'm having problem with updating information in database. The echo pops out as successful but the database row stays blank - why? PHP code:


<?php

    if (isset($_POST['gender'])) {
        // Sanitize and validate the data passed in
        $gender = filter_input(INPUT_POST, 'gender', FILTER_SANITIZE_STRING);
        if ($stmt) {
            $stmt->bind_param('s', $gender);
            $stmt->execute();
            $stmt->store_result();

            if ($insert_stmt = $mysqli->prepare("INSERT INTO  members gender VALUE ?")) {
                $insert_stmt->bind_param('s', $gender);
            }
        }
        echo "<div class='notemarg'> Your gender has been submitted</div>";
    } 
?>

and input form:


<form action="" method="POST">
  <input type="radio" name="gender" value="male"> Male <br>
  <input type="radio" name="gender" value="female"> Female <br>
  <input type="submit" name="gender" value="Set gender" class="button">
</form>

I want to use mysqli->prepare to prevent SQL injection.

I fixed it with alternative way, where there is pre-defined input by button.


<?php

    $servername = "";
    $username = "";
    $password = "";
    $dbname = "";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
     if (isset($_POST['Female'])) {

     $gender = $_POST['Female'];
     $sql = "UPDATE members SET gender = '$gender' WHERE username = '".$_SESSION['username']."'"; 


    if ($conn->query($sql) === TRUE) {
        echo "<div class='notemarg'> Your gender has been submitted</div>";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
    $conn->close();
}
    ?>

And simple form:


<form action="" method="POST">
 <input type="submit" name="Female" value="Female" class="button">
</form>

Thanks to all who wanted to help me, especially to anant kumar singh. I could not get that alter idea without his suggestions. Thanks!

UPDATE #1

It just pops out that echo "error"


<?php

if(isset($_POST['Female'])){

    $servername = "";
    $username = "";
    $password = "";
    $dbname = "";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
     if (isset($_POST['Female'])) {

     $gender = $_POST['Female'];
     $stmt = $conn->prepare('UPDATE members
     SET gender = ?
     WHERE username = ?'); 
$stmt->bind_param('s', $_POST['Female']);
 $stmt->bind_param('s', $_SESSION['username']);

    if ($conn->prepare === TRUE) {
        echo "<font color='#00CC00'>Your gender has been updated.</font><p>";
    } else {
        echo "Error: " . $conn->prepare . "<br>" . $conn->error;
    }
    $conn->close();
}
}
?>

Don't know where is problem... UPDATE #2


if(isset($_POST['Female'])){

    $servername = "";
    $username = "";
    $password = "";
    $dbname = "";

  // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
     if (isset($_POST['Female'])) {

     $gender = $_POST['Female'];
     $sql = "
     UPDATE members
     SET gender = ?
     WHERE username = ?
 ";
 $stmt = $mysqli->prepare($sql);
 $stmt->bind_param('s', $_POST['Female']);
 $stmt->bind_param('s', $_SESSION['username']);
 $stmt->execute();

    if ($mysqli->prepare($sql) === TRUE) {
        echo "<font color='#00CC00'>Your gender has been updated.</font><p>";
    } else {
        echo "Error: " . $conn->prepare . "<br>" . $conn->error;
    }
    $conn->close();
}
}

UPDATE #3

I added also some notes in code so


     <?php
    // I had here twice the ifisset here and
        if(isset($_POST['Female'])){

        $servername = "";
        $username = "";
        $password = "";
        $dbname = "";

       // Create connection
        $conn = new mysqli($servername, $username, $password, $dbname);
        // Check connection
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        }
    //here the second one so I deleted that ifisset here...
         $gender = $_POST['Female'];
         $sql = "
         UPDATE members
         SET gender = ?
         WHERE username = ?
     ";
     $stmt = $mysqli->prepare($sql);
     $stmt->bind_param('s', $_POST['Female']);
     $stmt->bind_param('s', $_SESSION['username']);
     $ok = $stmt->execute();

        if ($ok == TRUE) {
            echo "<font color='#00CC00'>Your gender has been updated.</font><p>";
        } else {
            echo "Error: " .$stmt->error; // This is the line that shows the error
        }
        $conn->close();
    }
?>

I'm not sure what is problem... It pops the error on echo "No data supplied for parameters in prepared statement"

gcc

lundi 30 mars 2015

Submit post echo but does not write information in database

Aucun commentaire:

Enregistrer un commentaire