
I have a PHP script that is supposed to take values from an HTML form and insert them into a PDO database. I do have the tables set. It does not give errors or work.

This is the HTML "form" code:

```html
<form action="latestarticles.php" method="POST">
    <input type="text" name="title" value="Title"/>
    <input type="text" name="author" value="Author name"/>
    <textarea name="content"></textarea>
    <input type="datetime-local" name="currentdate" />
    <select name="category">
        <option value="Sports">Sports</option>
        <option value="Local news">Local news</option>
        <option value="Technology">Technology</option>
        <option value="Business">Business</option>
    </select>
    <input type="reset" name="reset" value="Reset" />
    <input type="submit" name="submit" value="submit" />
</form>
```

This is the PHP code, latestarticles.php:

```php
<?php
if (isset($_POST['submit'])) {
    $stmt = $pdo->prepare("INSERT INTO articles (articletitle, articleauthor, articlecontent) VALUES ($_POST['title'], $_POST['author'], $_POST['content'])");

    $stmt->execute();

    echo '<p> Successful insert </p>';

} else {

    echo '<p> You suck at programming </p>';

}
?>
```

Thank you for all the help!

JeanPaul98
xafierz
  • http://php.net/manual/pdo.prepared-statements.php – Phil Nov 29 '17 at 00:11
  • I will check it now, thank you @LawrenceCherone – xafierz Nov 29 '17 at 00:12
  • *"It does not give errors"*... have you told it to? `ini_set('display_errors', 'On'); error_reporting(E_ALL); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);` – Phil Nov 29 '17 at 00:13
  • @Phil I have the second error handler, I'll try adding the first one now. – xafierz Nov 29 '17 at 00:15
  • If I do a prepared statement, do I need to give it a parameter like this? `$stmt->bindParam(':name', $_POST['Username']);` <<< just an example @LawrenceCherone because I really need it to take the input from the form – xafierz Nov 29 '17 at 00:18
  • Yeah, do for each of your `$_POST` inputs which you're currently directly inserting in the query, and replace them with the placeholders, e.g. `:name` – Lawrence Cherone Nov 29 '17 at 00:21
  • thank you very much @LawrenceCherone – xafierz Nov 29 '17 at 00:22

0 Answers
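An added example (not part of the original question or its comments) of the approach the comments describe: PDO set to throw exceptions, and the form values passed as bound named placeholders instead of being interpolated into the SQL string. The in-memory SQLite DSN, the table schema, the `insertArticle` helper and the sample `$post` array are assumptions; only the column names and form field names come from the question.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so this runs offline; the real DSN is not on the page.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumed schema; only the column names come from the question.
$pdo->exec('CREATE TABLE articles (
    id INTEGER PRIMARY KEY,
    articletitle TEXT NOT NULL,
    articleauthor TEXT NOT NULL,
    articlecontent TEXT NOT NULL
)');

// Hypothetical helper: validates the form fields, then inserts them as bound values.
function insertArticle(PDO $pdo, array $post): int
{
    foreach (['title', 'author', 'content'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            throw new InvalidArgumentException("Missing or invalid field: $field");
        }
    }
    // The SQL text contains placeholders only; user input never becomes part of it.
    $stmt = $pdo->prepare(
        'INSERT INTO articles (articletitle, articleauthor, articlecontent)
         VALUES (:title, :author, :content)'
    );
    $stmt->execute([
        ':title'   => $post['title'],
        ':author'  => $post['author'],
        ':content' => $post['content'],
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample standing in for $_POST; the apostrophes would alter a query
// built by string interpolation, but are stored literally when bound.
$post = ['title' => "Town's new stadium", 'author' => "Sam O'Neil", 'content' => 'Body text'];

$id  = insertArticle($pdo, $post);
$sel = $pdo->prepare('SELECT articletitle, articleauthor FROM articles WHERE id = :id');
$sel->execute([':id' => $id]);
$row = $sel->fetch(PDO::FETCH_ASSOC);

// Escape on output so stored text cannot inject markup into the page.
printf("<p>Inserted #%d: %s by %s</p>\n", $id,
    htmlspecialchars($row['articletitle'], ENT_QUOTES, 'UTF-8'),
    htmlspecialchars($row['articleauthor'], ENT_QUOTES, 'UTF-8'));
```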