HTML Form with PHP Prepared Statements Losing $_POST data

Question

I'm building an element for a website which I cant seem to get working. The page is supposed to allow the user to upload some news, which is displayed elsewhere. The display element is working fine, however the submission part is not.

After filling out the HTML form on the site, and clicking submit, I get an error:

Error: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'title' cannot be null

I understand this is a data handling error, but I cant seem to find the source. If I change $_POST["title"] to an actual value, it'll skip that part, and give me the same error, but for the next field. If I replace each $_POST with a value, the statement will work. This, I feel, is an issue with the transmission of data from the HTML page to the PHP page. There is no JS involved, the server is on a local network, and the exact same server is running an older version of the site which does not use prepared statements perfectly fine.

Heres the PHP code:

<?php

$servername = "localhost";
$username = "myUsernameHere";
$password = "myPasswordHere";
$dbname = "myDBnameHere";


try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // prepare sql and bind parameters
    $stmt = $conn->prepare("INSERT INTO home_news (title, body, author, datePost, dateValid) 
    VALUES (:title, :body, :author, :datePost, :dateValid)");
    $stmt->bindParam(':title', $title);
    $stmt->bindParam(':body', $body);
    $stmt->bindParam(':author', $author);
    $stmt->bindParam(':datePost', $datePost);
    $stmt->bindParam(':dateValid', $dateValid);

    // insert a row
    $title = $_POST["title"];
    $body = $_POST["body"];
    $author = $_POST["author"];
    $datePost = $_POST["dateP"];
    $dateValid = $_POST["dateV"];
    $stmt->execute();


    echo "New records created successfully";
    }
catch(PDOException $e)
    {
    echo "Error: " . $e->getMessage();
    }
$conn = null;

?>

And heres my HTML code:

<form action="submitNews.php" method="POST">
                    <table class="subTable" align="center">
                        <tr>
                            <td><input type="text" name="title" id="newsTitle" placeholder="News Title"></td>
                            <td><input type="text" name="author" id="newsAuth" placeholder="Author"></td>
                        </tr>
                        <tr>
                            <td colspan="2"><textarea form="news" name="body" cols="42" rows="5" placeholder="Main Body"></textarea></td>
                        </tr>
                        <tr>
                            <td><label>When should this news be visible from?</label><br /><input type="date" name="dateV" id="newsDateV" value="<?php echo date('Y-m-d'); ?>"></td>
                            <td><label>When should this news be no longer visible?</label><br /><input type="date" name="dateP" id="newsDateP" value="<?php echo date('Y-m-d'); ?>"></td>
                        </tr>
                        <tr>
                            <td colspan="2"><input type="submit" name="submit"></td>
                            <td></td>
                        </tr>
                    </table>
                </form>

I imagine its something silly I've overlooked, but I'd really appreciate any input. I understand there is probably obsolete code (like <font>) but for my project its not too big of a deal. I'm still learning how to use prepared statements.

try var_dumping $_POST to see what the form actually delivers :) — treyBake, Apr 04 '18 at 14:35
Your date inputs don't match the name attributes for the POST arrays. — Funk Forty Niner, Apr 04 '18 at 14:38
Plus, the use of id's suggests JS. Are you using JS at all somewhere that you didn't post? As it stands, the question was closed based on those and being undefined indexes. Having used PHP's error reporting set to catch and display, would have clearly thrown those errors. — Funk Forty Niner, Apr 04 '18 at 14:39
`// insert a row` should be before `// prepare sql and bind parameters` and also validate with `if(isset($_POST['submit']))` — , Apr 04 '18 at 14:39
Moving the assignments above the sql shouldn't help, as he is using bind param: "*Unlike PDOStatement::bindValue(), the variable is bound as a reference and will only be evaluated at the time that PDOStatement::execute() is called.*" - Manual — IncredibleHat, Apr 04 '18 at 14:45
@ThisGuyHasTwoThumbs I just did that and get 'array ()' as a result. — Jack Anyon, Apr 04 '18 at 14:45
If $_POST is just an empty array, then you are losing the post args in transit somewhere. Do you have any redirects in the mix? Apache, htaccess, ISP being stupid, something? Does your browser console say its sending them in the request even? — IncredibleHat, Apr 04 '18 at 14:47
@IncredibleHat. That sounds more like my issue! No redirects. I use apache but its on a local network so no ISP problems. Htaccess is setup as default. I have used non prepared statements on this exact server with no alterations which work fine, its just an issue with posting the data. — Jack Anyon, Apr 04 '18 at 14:51
Does your form actually submit the data? Can you view the $_POST data in the headers that are passed on submit? — Grant, Apr 04 '18 at 14:51
You have name="dateV" and name="dateP" in your form but your $_POST variables from the form submission are $_POST["datePost"] & $_POST["dateValid"] — Grant, Apr 04 '18 at 14:54
@Grant How can I check the submission? I noticed that, but I don't get that far for it to become an issue. I've corrected it in the question. — Jack Anyon, Apr 04 '18 at 14:56
@JackAnyon then your form is not submitting proplery :) is your php script the same page as your form action? — treyBake, Apr 04 '18 at 14:56
Developer Tools: http://www.exegetic.biz/blog/2016/09/viewing-post-data/ — Grant, Apr 04 '18 at 14:57
@ThisGuyHasTwoThumbs Yes its all the same. I can place test PHP in there, such as the var dump for $_POST and it functions just fine. Its just losing the $_POST data — Jack Anyon, Apr 04 '18 at 14:59
@Grant Thank you, I'll have a look into that and see whats happening. — Jack Anyon, Apr 04 '18 at 14:59
@Grant. I've followed the guide. I get 2 files in the left window 'submitNews' and 'submitNews.php'. In submitNews.php I'm seeing what looks to be an issue. '302 Found'. At the bottom of the page under Form Data, I can see some of my data. But not the main body part (Perhaps due to the fact its a textarea?). In the submitNews I do not see any data at all, but do see '200 OK' for the status. — Jack Anyon, Apr 04 '18 at 15:05
Have you set: if(isset($_POST['submit'])){ //ALL YOUR PHP HERE } else { echo "ERROR"; } — Grant, Apr 04 '18 at 15:06
You should still see the name="body" $_POST data it should still post as the rest of the data does. — Grant, Apr 04 '18 at 15:13
Change the name for the body textarea to name="bodyData" and it'll submit fine. Keep the $body variables if you like just change the form textarea name — Grant, Apr 04 '18 at 15:18
@Grant, I've just added the if(isset... part, and I get 'ERROR'. I've changed the name of the textarea to bodyData, but I'm still receiving the initial error. I really appreciate the help you've given me. — Jack Anyon, Apr 04 '18 at 18:59
@Grant, I finally have it working. I have: - Changed every $_POST to $_GET - Changed the textarea name to 'bodyData' - Set the form name to 'news' to allow textarea field to submit the data Thanks again for your help! — Jack Anyon, Apr 04 '18 at 19:15

HTML Form with PHP Prepared Statements Losing $_POST data

0 Answers0