0

I doesn't found answer on stackoverflow that works for me, so when I save data to mySQL using PHP, I added 2 parameters. When saving imgfile parameter, it just saves parameter name.

Parameter:

$stmt->bindParam(':imgfile', $newfilename);

In Database after updating:

---------------------------
 ID   imgfile
---------------------------
  1   :imgfile
---------------------------

What expected to see:

---------------------------
  ID   imgfile
---------------------------
   1   45678_profile.png
---------------------------

My whole code(I set id to 1, the user that exists, if PHP was not able to get ID):

     if (move_uploaded_file($_FILES["file"]["tmp_name"], "/home1/bubos/public_html/homework/images/pfimages/" . $newfilename)) {
        $stmt = $conn->prepare("UPDATE `users` SET `profileimg` = ':imgfile'  WHERE `users`.`id` = 1");
        $stmt->bindParam(':id', $_SESSION['user_id']);
        $stmt->bindParam(':imgfile', $newfilename );

if ( $stmt = $conn->prepare("UPDATE `users` SET `profileimg` = ':imgfile'  WHERE `users`.`id` = 1")) {
    $stmt->execute();
    $message = "Image was uploaded to server and set successfully!";
} else {
    $message = "Image uploaded to server, but error occurred on image setting!";
}
} else {
    $message =  "Error on image uploading to server!";
}

Can anyone say how can I fix it?

  • Sorry which parameter is not binding properly? can you post the SQL error? – wdfc Jun 17 '18 at 20:11
  • @wdfc Parameter :imgfile is not binding properly. I am running website on shared host. I have phpMyAdmin. Where I can get SQL errors? –  Jun 17 '18 at 20:16
  • You need to either turn PHP debugging on and check the debug logs, or you can directly check the server logs. I would recommend setting up an environment where you can easily see these errors – wdfc Jun 17 '18 at 20:19
  • 3
    `':imgfile'` - don't put placeholders in quotes. – Paul Spiegel Jun 17 '18 at 20:21
  • Try binding the user ID the same way you binded :imgfile instead of hard coding it – wdfc Jun 17 '18 at 20:21
  • 1
    As @PaulSpiegel says, remove the quotation marks around your placeholder. It isn’t treated as a placeholder if you put it in quotes; it’s treated as a literal string. – elixenide Jun 17 '18 at 20:32
  • @wdfc That is not relevant to the problem. It would be better practice by far to bind both values, but that is not why the query is not working as expected. – elixenide Jun 17 '18 at 20:34
  • @PaulSpiegel I removed placeholders from `profileimg` = ':imgfile' an now it looks like this: `profileimg` = :imgfile. Now I get Warning: Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: no parameters were bound When I remove placeholders in bindParam it shows error and page will not open. –  Jun 18 '18 at 06:46
  • Because you are `prepare`ing another statement a second time and then not binding anything to it. – deceze Jun 18 '18 at 09:17
  • @deceze I am new to PHP, can you explain more? –  Jun 18 '18 at 09:20
  • Read your own code. You have `$stmt = $conn->prepare`, then you're binding parameters to that statement. And then you have `$stmt = $conn->prepare` *again*, but you're not binding anything to that statement and just `execute` it. That's where the error message comes from and that should be pretty self explanatory. – deceze Jun 18 '18 at 09:21
  • @deceze I removed second $stmt = $conn->prepare, but it's not working, just parameter name is updating into row. –  Jun 18 '18 at 09:26

0 Answers0