0

I'm fairly new to PHP. At the line ($stmt->bindParam(":e1", $_POST['eidosmetaf1']);) I get the error "Undefined variable: stmt in". It seems to be a basic mistake but I can't figure it out. So any help is appreciated.

<?php

require("config.inc.php");  

    $query = "UPDATE customer SET ";
if(isset($_POST['eidosmetaf1'])){ 
$stmt->bindParam(":e1", $_POST['eidosmetaf1']);
  $query .= "eidosmetaf1 = :e1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['weight1'])){  
$stmt->bindParam(":w1", $_POST['weight1']);
  $query .= "weight1 = :w1";
}

    $query = "UPDATE customer SET ";
if(isset($_POST['startNomos1'])){ 
$stmt->bindParam(":sn1", $_POST['startNomos1']);
  $query .= "startNomos1 = :sn1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['startPoli1'])){ 
$stmt->bindParam(":sc1", $_POST['startPoli1']);
  $query .= "startPoli1 = :sc1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['start_lat'])){ 
$stmt->bindParam(":slat1", $_POST['start_lat']);
  $query .= "start_lat = :slat1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['start_lng'])){ 
$stmt->bindParam(":slng1", $_POST['start_lng']);
  $query .= "start_lng = :slng1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['finalNomos1'])){ 
$stmt->bindParam(":fn1", $_POST['finalNomos1']);
  $query .= "finalNomos1 = :fn1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['finalPoli1'])){  
$stmt->bindParam(":fc1", $_POST['finalPoli1']);
  $query .= "finalPoli1 = :fc1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['final_lat'])){  
$stmt->bindParam(":flat1", $_POST['final_lat']);
  $query .= "final_lat = :flat1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['final_lng'])){  
$stmt->bindParam(":flng1", $_POST['final_lng']);
  $query .= "final_lng = :flng1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['depDate1'])){  
$stmt->bindParam(":dD1", $_POST['depDate1']);
  $query .= "depDate1 = :dD1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['depTime1'])){ 
$stmt->bindParam(":dT1", $_POST['depTime1']);
  $query .= "depTime1 = :dT1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['specialservices1'])){  
$stmt->bindParam(":ex1", $_POST['specialservices1']);
  $query .= "specialservices1 = :ex1";
}

$query = "UPDATE customer SET ";
if(isset($_POST['comments1'])){  
$stmt->bindParam(":c1", $_POST['comments1']);
  $query .= "comments1 = :c1";
}


    try {
        $stmt = $db->prepare($query);
       $stmt->execute();
    }
    catch (PDOException $ex) {

        $response["success"] = 0;
        $response["message"] = "Database Error2. Please Try Again!";
        die(json_encode($response));
    }    

    $response["success"] = 1;
    $response["message"] = "..............!";
    echo json_encode($response); 


?>
johnnal

2 Answers

1

You are messing a few things up here!

You need to prepare your query before you bind your values, otherwise how should PHP know where and how it should bind the value in a query which doesn't exist at that time? Also, you overwrite the $query variable before each if statement.

So your code should look something like this:

Here I first go through the array $checkPostIndex which holds the placeholder as index and the POST variable index as value, where I check with array_filter() which $_POST variables are set and which are not, which I do with isset(), and filter them out.

After this I loop through the $checkedValues array, which holds the exact same data as $checkPostIndex, but only with the POST variables which are set. And with this I create the query and I create the placeholder array which holds the placeholder as index and the POST variable value as value.

Then I only need to trim the last comma with rtrim() from the query string and then you can execute the query.

<?php

    require_once "config.inc.php";  

    $query = "UPDATE customer SET ";
    $checkPostIndex = ["e1" => "eidosmetaf1", "w1" => "weight1", "sn1" => "startNomos1", "sc1" => "startPoli1", "slat1" => "start_lat", "slng1" => "start_lng", "fn1" => "finalNomos1",
    "fc1" => "finalPoli1", "flat1" => "final_lat", "flng1" => "final_lng", "dD1" => "depDate1", "dT1" => "depTime1", "ex1" => "specialservices1", "c1" => "comments1"];
    $bindValues = [];

    $checkedValues = array_filter($checkPostIndex, function($v){
        return isset($_POST[$v]);
    });

    foreach($checkedValues as $k => $v) {
        $query .= "$v = :$k,"; 
        $bindValues[$k] = $_POST[$v];
    }

    $query = rtrim($query, ",");

    try {           
        $stmt = $db->prepare($query);
        $stmt->execute($bindValues);
    } catch (PDOException $ex) {
        $response["success"] = 0;
        $response["message"] = "Database Error2. Please Try Again!";
        echo $ex->getMessage();
        die(json_encode($response));
    }    

    $response["success"] = 1;
    $response["message"] = "..............!";
    echo json_encode($response); 

?>

Side notes:

I would recommend you add error reporting at the top of your file(s), which helps you find errors. Only while staging (not in production!):

<?php
    ini_set("display_errors", 1);
    error_reporting(E_ALL);
?>

Also enable error mode for your PDO connection right after the connection:

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
Rizier123
0
require("config.inc.php");
$query=array();
foreach(array('eidosmetaf1','...') as $k){
if(isset($_POST[$k])){ 
    $query[]= "$k = :$k";
}
}
$query = "UPDATE customer SET ".implode(',',$query);
$query .= "";#where clause is missing
try {

    $stmt = $db->prepare($query);
    foreach(array('eidosmetaf1','...') as $k){
        if(isset($_POST[$k])){ 
            $stmt->bindParam(":$k", $_POST[$k]);
        }
    }
    $stmt->execute();
} catch (PDOException $ex) {
$response["success"] = 0;
$response["message"] = "Database Error2. Please Try Again!";
die(json_encode($response));
}    

$response["success"] = 1;
$response["message"] = "..............!";
echo json_encode($response); 

try it this way: PREPARE STATEMENT STRING, CREATE PDO, PREPARE QUERY, BIND PARAMS, EXECUTE

s.d.a.p.e
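Both answers build the SET list dynamically and then prepare, bind and execute. The sketch below is an added example, not code from the question or from either answer: it takes column names only from a fixed allow-list (identifiers cannot be bound as parameters), skips non-scalar input, refuses to run an empty SET, and scopes the UPDATE with a bound WHERE. The `id` column, the `buildCustomerUpdate()` helper, the in-memory SQLite database and the sample request values are assumptions made for the demonstration.

```php
<?php
// Allow-list: placeholder => column. Column names cannot be bound as
// parameters, so they come from this fixed map, never from $_POST keys.
const ALLOWED = ['e1' => 'eidosmetaf1', 'w1' => 'weight1', 'c1' => 'comments1'];

// Hypothetical helper: returns [sql, params], or null when nothing is set.
function buildCustomerUpdate(array $input, int $id): ?array
{
    $set = [];
    $params = [];
    foreach (ALLOWED as $placeholder => $column) {
        // $_POST values can be arrays (weight1[]=x); only bind scalars.
        if (isset($input[$column]) && is_scalar($input[$column])) {
            $set[] = "$column = :$placeholder";
            $params[$placeholder] = $input[$column];
        }
    }
    if ($set === []) {
        return null; // "UPDATE customer SET " on its own is invalid SQL
    }
    // Assumption: the table has an "id" key; the page never shows one.
    $params['id'] = $id;
    return ['UPDATE customer SET ' . implode(', ', $set) . ' WHERE id = :id', $params];
}

// Constructed demo table in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, eidosmetaf1 TEXT, weight1 TEXT, comments1 TEXT)');
$db->exec("INSERT INTO customer VALUES (1, 'box', '10', ''), (2, 'pallet', '200', '')");

// Constructed request body; the last key is ignored because it is not in ALLOWED.
$post = ['weight1' => '12', 'comments1' => "fragile'); --", 'is_admin = 1' => 'x'];

try {
    $update = buildCustomerUpdate($post, 1);
    if ($update !== null) {
        [$sql, $params] = $update;
        $stmt = $db->prepare($sql);  // prepare first ...
        $stmt->execute($params);     // ... then bind and execute in one call
    }
    $response = ['success' => 1, 'message' => $update ? 'updated' : 'nothing to update'];
} catch (PDOException $ex) {
    error_log($ex->getMessage());    // details go to the log, not to the client
    $response = ['success' => 0, 'message' => 'Database Error2. Please Try Again!'];
}
echo json_encode($response), PHP_EOL;
print_r($db->query('SELECT * FROM customer')->fetchAll(PDO::FETCH_ASSOC));
```

Only row 1 changes, and the quote characters in `comments1` are stored as literal data because the value travels as a bound parameter rather than as part of the SQL string.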