i am trying to create mysql entries with a tool called editable grid (http://www.editablegrid.net/en/). I just added 2 textfields on the code.. but it seems like the mysql prepare code dont like what i am doing.
Thats the php code:
require_once('config.php');
// Database connection
$mysqli = mysqli_init();
$mysqli->options(MYSQLI_OPT_CONNECT_TIMEOUT, 5);
$mysqli->real_connect($config['db_host'],$config['db_user'],$config['db_password'],$config['db_name']);
// Get all parameter provided by the javascript
$name = $mysqli->real_escape_string(strip_tags($_POST['name']));
$firstname = $mysqli->real_escape_string(strip_tags($_POST['firstname']));
$uid = $mysqli->real_escape_string(strip_tags($_POST['uid']));
$show = $mysqli->real_escape_string(strip_tags($_POST['show']));
$tablename = $mysqli->real_escape_string(strip_tags($_POST['tablename']));
$return=false;
if ( $stmt = $mysqli->prepare("INSERT INTO ".$tablename." (name, firstname, uid, show) VALUES ( ?, ?, ?, ? )")) {
$stmt->bind_param("ssss", $name, $firstname, $uid, $show);
$return = $stmt->execute();
$stmt->close();
}
$mysqli->close();
echo $return ? "ok" : "error";
and here the html Code:
<div id="addform" style="height:210px;">
<div class="row">
<input type="text" id="name" name="name" placeholder="name" />
</div>
<div class="row">
<input type="text" id="firstname" name="firstname" placeholder="firstname" />
</div>
<div class="row">
<input type="text" id="uid" name="uid" placeholder="uid" />
</div>
<div class="row">
<input type="text" id="show" name="show" placeholder="show" />
</div>
<div class="row tright">
<a id="addbutton" class="button green" ><i class="fa fa-save"></i> Apply</a>
<a id="cancelbutton" class="button delete">Cancel</a>
</div>
</div>
they both are connected together with javascript and this worked. I just added 2 textfields. Ist there an error in the Php code. Arent i allowed to use 4 values throughout the prepare statement?
