0

This is the table that not all of the data is being written to, but which should have the data inserted:

CREATE TABLE `members_posts` (
  `screenname` varchar(255) DEFAULT NULL,
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `images_id` int(11) DEFAULT NULL,
  `item` varchar(25) DEFAULT NULL,
  `noi` varchar(124) DEFAULT NULL,
  `notes` varchar(255) DEFAULT NULL,
  `posted` timestamp DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`),
  KEY `screenname_idx` (`screenname`),
  CONSTRAINT `screenname_posts` FOREIGN KEY (`screenname`) REFERENCES `members` (`screenname`) ON DELETE NO ACTION ON UPDATE NO ACTION
);

When I attempt to open my postitem.php page, it loads the page, but already inserts the ID, NOTES, and POSTED fields - before entering any data into the form.

Here is the postitem.php form:

<?php 

// Connection data to the database 
require("/config/common.php");

// Check to see whether the screen name is already in use.
$query = "SELECT 1 FROM members WHERE screenname = :screenname"; 


$query_params = array( 
':screenname' => $_POST['screenname']); 

try 
{ 
// These two statements run the query against your database table. 
$stmt = $db->prepare($query); 
$result = $stmt->execute($query_params); 
} 
catch(PDOException $ex) 
{ 
die("Failed to run query: " . $ex->getMessage()); 
} 

$row = $stmt->fetch(); 

if($row) 
{ 
die("This screen name is already in use"); 
} 

$query = "INSERT INTO members_posts (screenname, item, noi, notes) 
VALUES (:screenname, :item, :noi, :notes)"; 

$query_params = array( 
':screenname' => $_POST['screenname'], ':item' => $_POST[$item], ':noi' =>     $_POST[$noi], ':notes' => $_POST['notes']); 

try 
{ 
$stmt = $db->prepare($query); 
$result = $stmt->execute($query_params); 
} 
catch(PDOException $ex) 
{ 
die("Failed to run query: " . $ex->getMessage()); 
} 

// Redirects the member back to the member's account page after posting an item. 
//header("Location: myacct.php"); 


//die("Redirecting to myacct.php"); 


?> 
<br />
<br />
<table align="center"> 
<th><h1>Post Item</h1></th>
<form enctype="multipart/form-data" action="postitem.php" method="post">
<tr><td>Screen Name:</td><td><b><?php echo htmlentities($_SESSION['user']   ['screenname'], ENT_QUOTES, 'UTF-8'); ?></b></td></tr> 
<tr><td>Item:</td><td><select name="item">
<option VALUE='opt1'>Option 1</option>
<option VALUE='opt2'>Option 2</option>
<option VALUE='opt3'>Option 3/Computer</option>
</select></td></tr>
<tr><td>Name of item:</td><td><input type="text" name="noi" value="" /></td></tr>
<tr><td>Notes:</td><td><input type="text" name="notes" value="" /></td></tr>
<tr><td><input type="submit" src="/images/postit.png" value="Upload It" /></td></tr>
</form>
</table>
</body>
</html>

Thank you in advance for any help anyone could offer me!

PS: I did make the redirection to the myacct.php only a remark for testing, to keep the postitem page open for troubleshooting reasons.

3
  • You're not actually checking to see if any data has been posted. You're just running all of your code (including the queries) regardless. Commented Jul 31, 2014 at 13:47
  • Imaibou below added the if(isset($_POST['submit_form'])) to my code, but that did not help. Do you know how I can check, in the code, to verify data entered is written to the table? Thanks for your reply, by the way. Commented Jul 31, 2014 at 15:24
  • Did you also add that attribute name="submit_form" to your submit button? If not, you need to. You should update the code in your question with the current code that you are using. Commented Jul 31, 2014 at 15:31

3 Answers

1

You should always check if the user submitted the form first before making database queries like this:

<?php 

if(isset($_POST['submit_form']))
{
    // Connection data to the database 
    require("/config/common.php");

    // Check to see whether the screen name is already in use.
    $query = "SELECT 1 FROM members WHERE screenname = :screenname"; 


    $query_params = array( 
    ':screenname' => $_POST['screenname']); 

    try 
    { 
    // These two statements run the query against your database table. 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
    die("Failed to run query: " . $ex->getMessage()); 
    } 

    $row = $stmt->fetch(); 

    if($row) 
    { 
    die("This screen name is already in use"); 
    } 

    $query = "INSERT INTO members_posts (screenname, item, noi, notes) 
    VALUES (:screenname, :item, :noi, :notes)"; 

    $query_params = array( 
    ':screenname' => $_POST['screenname'], ':item' => $_POST['item'], ':noi' =>     $_POST['noi'], ':notes' => $_POST['notes']); 

    try 
    { 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
    die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Redirects the member back to the member's account page after posting an item. 
    //header("Location: myacct.php"); 


    //die("Redirecting to myacct.php"); 

}
?> 
<br />
<br />
<table align="center"> 
<th><h1>Post Item</h1></th>
<form enctype="multipart/form-data" action="postitem.php" method="post">
<tr><td>Screen Name:</td><td><b><?php echo htmlentities($_SESSION['user']   ['screenname'], ENT_QUOTES, 'UTF-8'); ?></b></td></tr> 
<tr><td>Item:</td><td><select name="item">
<option VALUE='opt1'>Option 1</option>
<option VALUE='opt2'>Option 2</option>
<option VALUE='opt3'>Option 3/Computer</option>
</select></td></tr>
<tr><td>Name of item:</td><td><input type="text" name="noi" value="" /></td></tr>
<tr><td>Notes:</td><td><input type="text" name="notes" value="" /></td></tr>
<tr><td><input type="submit" src="/images/postit.png" value="Upload It" name="submit_form" /></td></tr>
</form>
</table>
</body>
</html>

Note that I added a name attribute to the submit input tag.

2 Comments

Thank you for your response, imaibou. After adding "if(isset($_POST['submit_form'])) {" like you suggested, no data is being written to my table.
Add the line echo 'inside if'; just after if(isset($_POST['submit_form'])) { to see if it enters the if after form validation. Did you make sure to add the name attribute to the submit field? Like this: <input type="submit" src="/images/postit.png" value="Upload It" name="submit_form" />
0

Put the whole insert-script within a

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // SQL-commands here
}

Besides that you may also want to check if the user enters a valid (non-empty) screenname etc.
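The request-method gate and the input checks suggested in the answers, combined into one handler. This is an added example, not code from the question or from any answer: `handlePostItem()` and `ALLOWED_ITEMS` are hypothetical names, an in-memory SQLite table stands in for `members_posts`, and the screen name is read from the session because the form on this page only displays it from `$_SESSION` and never submits it.

```php
<?php
// Added example; handlePostItem() and ALLOWED_ITEMS are hypothetical names.
const ALLOWED_ITEMS = ['opt1', 'opt2', 'opt3']; // the form's <option> values

function handlePostItem(PDO $db, string $method, array $post, array $session): array
{
    // Plain page load (GET): show the form and run no query at all.
    if ($method !== 'POST') {
        return ['inserted' => false, 'errors' => []];
    }
    // The poster's identity comes from the server-side session, not the request.
    $screenname = $session['user']['screenname'] ?? '';
    $item  = is_string($post['item'] ?? null) ? $post['item'] : '';
    $noi   = is_string($post['noi'] ?? null) ? trim($post['noi']) : '';
    $notes = is_string($post['notes'] ?? null) ? trim($post['notes']) : '';

    // Limits mirror the column sizes: noi varchar(124), notes varchar(255).
    // strlen() counts bytes, which is the stricter bound for multi-byte text.
    $errors = [];
    if (!is_string($screenname) || $screenname === '') $errors[] = 'not logged in';
    if (!in_array($item, ALLOWED_ITEMS, true)) $errors[] = 'invalid item';
    if ($noi === '' || strlen($noi) > 124) $errors[] = 'name of item: 1-124 bytes';
    if (strlen($notes) > 255) $errors[] = 'notes too long';
    if ($errors) {
        return ['inserted' => false, 'errors' => $errors];
    }
    // Only a validated POST reaches the database, still with bound parameters.
    $stmt = $db->prepare('INSERT INTO members_posts (screenname, item, noi, notes)
                          VALUES (:screenname, :item, :noi, :notes)');
    $stmt->execute([':screenname' => $screenname, ':item' => $item,
                    ':noi' => $noi, ':notes' => $notes]);
    return ['inserted' => true, 'errors' => []];
}

// Constructed demo data: in-memory SQLite instead of the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members_posts (id INTEGER PRIMARY KEY AUTOINCREMENT,
           screenname TEXT, item TEXT, noi TEXT, notes TEXT)');
$session = ['user' => ['screenname' => 'alice']];

print_r(handlePostItem($db, 'GET', [], $session));                  // page load
print_r(handlePostItem($db, 'POST', ['item' => 'opt9'], $session)); // bad input
print_r(handlePostItem($db, 'POST',
    ['item' => 'opt1', 'noi' => 'Laptop', 'notes' => 'works'], $session));
echo 'rows: ', $db->query('SELECT COUNT(*) FROM members_posts')->fetchColumn(), "\n";
```

In postitem.php the call would be `handlePostItem($db, $_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)`, with the returned errors rendered above the form.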


0

First give a name to your submit button (in this example 'submit') and then check if it has been pushed by looking at the _POST array.

Here is the code:

    <?php 

    // Connection data to the database 
    require("/config/common.php");
    // isset() avoids an undefined-index warning on a plain page load.
    if (isset($_POST['submit'])) {
    // Check to see whether the screen name is already in use.
    $query = "SELECT 1 FROM members WHERE screenname = :screenname"; 


    $query_params = array( 
    ':screenname' => $_POST['screenname']); 

    try 
    { 
    // These two statements run the query against your database table. 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
    die("Failed to run query: " . $ex->getMessage()); 
    } 

    $row = $stmt->fetch(); 

    if($row) 
    { 
    die("This screen name is already in use"); 
    } 

    $query = "INSERT INTO members_posts (screenname, item, noi, notes) 
    VALUES (:screenname, :item, :noi, :notes)"; 

    $query_params = array( 
    // Index $_POST by the field names 'item' and 'noi', not by undefined variables.
    ':screenname' => $_POST['screenname'], ':item' => $_POST['item'], ':noi' => $_POST['noi'], ':notes' => $_POST['notes']); 

    try 
    { 
    $stmt = $db->prepare($query); 
    $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 
    die("Failed to run query: " . $ex->getMessage()); 
    } 

    // Redirects the member back to the member's account page after posting an item. 
    //header("Location: myacct.php"); 


    //die("Redirecting to myacct.php"); 
 }

    ?> 
<br />
<br />
<table align="center"> 
<th><h1>Post Item</h1></th>
<form enctype="multipart/form-data" action="postitem.php" method="post">
<tr><td>Screen Name:</td><td><b><?php echo htmlentities($_SESSION['user']   ['screenname'], ENT_QUOTES, 'UTF-8'); ?></b></td></tr> 
<tr><td>Item:</td><td><select name="item">
<option VALUE='opt1'>Option 1</option>
<option VALUE='opt2'>Option 2</option>
<option VALUE='opt3'>Option 3/Computer</option>
</select></td></tr>
<tr><td>Name of item:</td><td><input type="text" name="noi" value="" /></td></tr>
<tr><td>Notes:</td><td><input type="text" name="notes" value="" /></td></tr>
<tr><td><input type="submit" name='submit' src="/images/postit.png" value="Upload It" /></td></tr>
</form>
</table>
</body>
</html>
