-1

When I type in the information that will be inserted into the database I receive this error:

Fatal error: Call to a member function execute() on a non-object.

The problem occurs on line 14. This is my code so far.

$database_file = 'sqlite:inventory.sqlite';
$mysql = new PDO($database_file);

$new_name = $_POST['Name_Item'];
$new_amount = $_POST['Amount_Item'];
$new_detail = $_POST['Description'];


$query =$mysql->prepare("INSERT INTO Items (id, Name, Amount, Detail)
VALUES (''," . $new_name . "," . $new_amount . ",". $new_detail .")");
$query->execute();
echo "testing";
echo "<TABLE>";
echo "<tr>";
echo "<td>id</td>";
echo "<td>Name</td>";
echo "<td>Amount</td>";
echo "<td>Detail</td>";
echo"</tr>";
while ($row = $query->fetch()) {
    //print_r($row);
    echo "<tr>";
    echo "<td>$row[id]</td>";
    echo "<td>$row[Name]</td>";
}
Andrew
  • The website that I am trying to design involves the user inputting data into three text boxes; in these boxes the user needs to be able to input the name of an item, the amount, and a small description. I can show the HTML page that I have created to show what my HTML page looks like, if that is necessary. ALSO SECURITY IS NOT AN ISSUE IN THIS ITERATION OF MY DATABASE/WEBSITE. – zero_games Dec 07 '15 at 02:32
  • You have a SQL injection problem – Andrew Dec 07 '15 at 02:32

1 Answer

0

The issue is probably that you need quotes around the name and detail values.

This is one way you could solve the problem:

$query =$mysql->prepare("INSERT INTO Items (Name, Amount, Detail)
  VALUES (:name, :amount, :detail)");
$query->execute(['name' => $new_name, 'amount' => $new_amount, 'detail' => $new_detail]);

You could also encapsulate name and detail in quotes, but that is not a good approach because if they have quotes in them it breaks.

Also, in most cases, id is assigned by the database.

user2182349
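An added example, not part of the original question or answer: it reproduces the failing prepare() from the question under silent error mode, then performs the bound-parameter insert with exceptions enabled and reads the row back with escaped output. The in-memory database, the sample values and the h() helper are assumptions; the Items columns follow the question.

```php
<?php
// Added example; table layout follows the question, sample values are constructed.
$pdo = new PDO('sqlite::memory:');   // in-memory database so the script runs stand-alone
$pdo->exec('CREATE TABLE Items (id INTEGER PRIMARY KEY, Name TEXT, Amount INTEGER, Detail TEXT)');

// Constructed stand-ins for $_POST['Name_Item'], $_POST['Amount_Item'], $_POST['Description'].
$new_name   = "O'Brien's <b>bolt</b>";
$new_amount = '12';
$new_detail = 'M8, zinc plated';

// 1) Reproduce the failure: silent error mode plus concatenated, unquoted values.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$bad = $pdo->prepare("INSERT INTO Items (id, Name, Amount, Detail)
    VALUES (''," . $new_name . "," . $new_amount . "," . $new_detail . ")");
if ($bad === false) {
    // prepare() returned false, so calling $bad->execute() is the fatal error from the question.
    echo 'prepare failed: ' . $pdo->errorInfo()[2] . "\n";
}

// 2) Make failures loud, then bind the values instead of concatenating them.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
    $insert = $pdo->prepare('INSERT INTO Items (Name, Amount, Detail) VALUES (:name, :amount, :detail)');
    $insert->bindValue(':name', $new_name, PDO::PARAM_STR);
    $insert->bindValue(':amount', (int) $new_amount, PDO::PARAM_INT);
    $insert->bindValue(':detail', $new_detail, PDO::PARAM_STR);
    $insert->execute();
} catch (PDOException $e) {
    exit('Insert failed: ' . $e->getMessage() . "\n");
}

// 3) An INSERT statement returns no rows; read them back with a SELECT and escape on output.
function h($value) { return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'); }

echo "<table>\n<tr><td>id</td><td>Name</td><td>Amount</td><td>Detail</td></tr>\n";
foreach ($pdo->query('SELECT id, Name, Amount, Detail FROM Items') as $row) {
    echo '<tr><td>' . h($row['id']) . '</td><td>' . h($row['Name']) . '</td><td>'
       . h($row['Amount']) . '</td><td>' . h($row['Detail']) . "</td></tr>\n";
}
echo "</table>\n";
```

The quote and the markup in the sample name are stored and displayed as literal text, because the value is bound on the way in and escaped on the way out.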