Error insert statement PHP

Question

I am having a problem with my database handler class, i think. I have a form tag in my index.php file, which calls a function in inc/function.php, which then saves the form data to a table in the database. The problem is, that i doesnt work, and i cannot find the error. If you want me to provide more information, then please say so :)

There is no error, other than whenever i add the line $dbh->query($sql) in my function, the whole form dissappears :/

index.php:

<form id="signform" action="<?php addSignature($dbh) ?>" method="post">
                <h1>SIGN THE PROPOSED CITIZENS’ INITIATIVE</h1>
                <input type="text" name="firstname" placeholder="Full first name"><br/>
                <input type="text" name="familynames" placeholder="Family name"><br/>
                <input type="text" name="dateofbirth" placeholder="Date of birth"><br/>
                <input type="text" name="placeofbirth" placeholder="Place of birth"><br/>
                <select name="nationality">
                    <option value="" disabled selected>Nationality</option>
                    <option value="Denmark" >Denmark</option>
                </select>
                <hr>
                <textarea name="address" placeholder="Address (street, number, other)"></textarea><br/>
                <input type="text" name="postalcode" placeholder="Postal code"><br/>
                <input type="text" name="city" placeholder="City"><br/>
                <select name="country">
                    <option value="" disabled selected>Country</option>
                    <option value="Denmark" >Denmark</option>
                </select>
                <hr>
                <div id="radiobuttons">
                <input class="radiobutton" type="checkbox" name="certify"><span class="radiobuttonText">I hereby certify that the information provided in this 
 form is correct and that I have not already supported 
this proposed citizens’ initiative.</span><br/><br/>
                <input class="radiobutton" type="checkbox" name="privacy"><span class="radiobuttonText">I have read the privacy statement.</span>
                </div>
                <button type="submit" value="">SIGN UP</button>
            </form>

DbH.php:

<?php

    //DATABASE HANDLER
    class DbH{

        private $connection;
        private $host;
        private $database;
        private $user;
        private $password;
        private $result;

        public function __construct($database, $host='localhost', $user='root', $password='blabla'){
            $this->database = $database;
            $this->host = $host;
            $this->user = $user;
            $this->password = $password;
            $this->connect();
        }

        private function connect(){
            try{
                if(!$this->connection = mysql_connect($this->host, $this->user, $this->password)){
                    throw new Exception("No connection to the MySQL server.");
                }
                if(!mysql_select_db($this->database, $this->connection)){
                    throw new Exception("No connection to the MySQL database.");
                }
            }
            catch(Exception $e){
                die($e->getMessage());
            }
        }

        function query($declaration){
            try{
                if(!$this->result=mysql_query($declaration, $this->connection)){
                    throw new Exception("SELECT ERROR</ br>{$declaration}");
                }
            }
            catch(Exception $e){
                die($e->getMessage());
            }
        }

        function fetch_array(){
            return $rowArray = @mysql_fetch_array($this->result);
        }

        function getDb(){
            return $this->database;
        }

        function getConnection(){
            return $this->connection;
        }
    }
?>

functions.php:

<?php

function addSignature($dbh){

if(!isset($_POST['firstname'], $_POST['familynames'], $_POST['dateofbirth'], $_POST['placeofbirth'], $_POST['nationality'], $_POST['address'], $_POST['postalcode'], $_POST['city'], $_POST['country'])){
    $_POST['firstname'] = 'undefine';
    $_POST['familynames'] = 'undefine';
    $_POST['dateofbirth'] = 'undefine';
    $_POST['placeofbirth'] = 'undefine';
    $_POST['nationality'] = 'undefine';
    $_POST['address'] = 'undefine';
    $_POST['postalcode'] = 'undefine';
    $_POST['city'] = 'undefine';
    $_POST['country'] = 'undefine';
}

$firstname = mysql_real_escape_string($_POST['firstname']);
$familynames = mysql_real_escape_string($_POST['familynames']);
$dob = mysql_real_escape_string($_POST['dateofbirth']);
$pob = mysql_real_escape_string($_POST['placeofbirth']);
$nationality = mysql_real_escape_string($_POST['nationality']);
$address = mysql_real_escape_string($_POST['address']);
$postalcode = mysql_real_escape_string($_POST['postalcode']);
$city = mysql_real_escape_string($_POST['city']);
$country = mysql_real_escape_string($_POST['country']);

$sql = 'INSERT INTO signatures (id, firstname, familynames, dob, birthplace, nationality, address, postalcode, city, country)';
$sql .= sprintf(' VALUES ("%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s")', $firstname, $familynames, $dob, $pob, $nationality, $address, $postalcode, $city, $country);


$dbh->query($sql);
}

?>

What error do you get? And why are you using this db handler? — kero, May 20 '13 at 14:05
'I have a in my index.php' a what?, besides, what error are you getting or how do you know its not working? — Juan Antonio Orozco, May 20 '13 at 14:05
This is *way* too much code, and likely calls for basic debugging first. What goes wrong where? If you simply get a blank screen, you may have error reporting turned off. `mysql_error()` will tell you if anything went wrong with the query — Pekka, May 20 '13 at 14:08
The fun thing is, that my error reporting is turned on. It's the first time its not giving me any error. I have now reduced the code — Teilmann, May 20 '13 at 14:11
You should consider removing all error suppression operators ('@') from your code, especially while debugging. You may be throwing away useful information. — George Cummins, May 20 '13 at 14:11
An you should reduce your code to the minimum that still produces this error — crackmigg, May 20 '13 at 14:12
i am using this database handler, because it's a school assignment, where we have to use it. This is not normally the way i do it — Teilmann, May 20 '13 at 14:13
[How to get useful error messages in PHP?](http://stackoverflow.com/q/845021/1409082) — Jocelyn, May 20 '13 at 14:14
Even if it was a school assignment, it shouldn't be essential to be done in a specific way. As long as you get the same end result, even if it is half the cod everyone else has, it is still an academic way of doing it. — Daniel Morgan, May 20 '13 at 14:15

score 4 · Accepted Answer · answered May 20 '13 at 14:14

4

Your form action should be a page, not a call to a PHP function.

<form id="signform" action="<?php addSignature($dbh) ?>" method="post">

When you add that line in, you're really calling that function immediately since all PHP code is processed before it outputs to the page, and the action in the source code becomes

action=""

You need to pass the form either to your same page or to a processing page, which would then pass your POST variables to your addSignature function.

answered May 20 '13 at 14:14

aynber

22,380
8
50
63

okay, i will try this and then return! – Teilmann May 20 '13 at 14:21
so to have a addsignature.php page to parse into the action, would be better? Just to know if i understand you correctly – Teilmann May 20 '13 at 14:23
But how do i then get access to my $dbh object. Inside the addsignature.php ? :) – Teilmann May 20 '13 at 14:26
Correct. This way if the page reloads, it won't call the function again. You can just add the $dbh object to the addsignature.php the same way you added it to index.php. – aynber May 20 '13 at 14:49

score 0 · Answer 2 · answered May 20 '13 at 14:14

I assume that the id field in the INSERT statement looks like a auto increment field because in the VALUES part of the INSERT there is no id parameter specified. Or you might need to add an id in the parameters section:

$sql = 'INSERT INTO signatures (firstname, familynames, dob, birthplace, nationality, address, postalcode, city, country)';
$sql .= sprintf(' VALUES ("%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s")', $firstname, $familynames, $dob, $pob, $nationality, $address, $postalcode, $city, $country);

$dbh->query($sql);

OR

$sql = 'INSERT INTO signatures (id,firstname, familynames, dob, birthplace, nationality, address, postalcode, city, country)';
$sql .= sprintf(' VALUES ("%s","%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s", "%s")', $id, $firstname, $familynames, $dob, $pob, $nationality, $address, $postalcode, $city, $country);

$dbh->query($sql);

Also ensure that the correct variable types are past to the fields in the table.

score -2 · Answer 3 · edited May 20 '13 at 14:15

-2

I believe there is a syntax error. In your if statement you are using commas, but you should be using && or ||.

edited May 20 '13 at 14:15

Mischa

42,876
8
99
111

answered May 20 '13 at 14:14

Michael Valentino

101
3

i actually started with using &&, but then PhP gave me an error, telling me to use ,. Im not quite sure why – Teilmann May 20 '13 at 14:16
1

He's passing multi arguments to [`isset`](http://php.net/manual/en/function.isset.php), separating them with commas. That is actually valid. Sorry, but your answer is wrong. – Mischa May 20 '13 at 14:20
@ThomasTeilmann, that part of your code is correct. This answer is wrong. – Mischa May 20 '13 at 14:20

Error insert statement PHP

3 Answers3