
I need help with the code below, which I copied from a basic PHP tutorial and am trying to edit. The agent will fill in the form with the user id and password given by the administrator, with a vehicle plate field for the agent to key in and store into the database; it will then redirect the agent to a link. All of the code is working properly, including redirecting the user to a different page, except for the part in the **// Add vehicle plate ----------------------------------------//** section.

<?php

session_start();
// Change this to your connection info.
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = 'password123';
$DATABASE_NAME = 'databasetest123';

// Try and connect using the info above.
$con = mysqli_connect($DATABASE_HOST, $DATABASE_USER, $DATABASE_PASS, $DATABASE_NAME);
if (mysqli_connect_errno()) {
    // If there is an error with the connection, stop the script and display the error.
    exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
// Now we check if the data from the login form was submitted, isset() will check if the data exists.
if (!isset($_POST['agentname'], $_POST['vehicleplate'], $_POST['password'])) {
    // Could not get the data that should have been sent.
    exit('All fields are required!');
}
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT agentcode, password FROM agentlist WHERE agentname = ?')) {
    // Bind parameters (s = string, i = int, b = blob, etc), in our case the agentname is a string so we use "s"
    $stmt->bind_param('s', $_POST['agentname']);
    $stmt->execute();
    // Store the result so we can check if the account exists in the database.
    $stmt->store_result();

    if ($stmt->num_rows > 0) {
        $stmt->bind_result($agentcode, $password);
        $stmt->fetch();
        // Account exists, now we verify the password.
        // Note: remember to use password_hash in your registration file to store the hashed passwords.
        if (password_verify($_POST['password'], $password)) {
            // Verification success! User has loggedin!
            // Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
            session_regenerate_id();
            $_SESSION['loggedin'] = true;
            $_SESSION['agentname'] = $_POST['agentname'];
            $_SESSION['agentcode'] = $agentcode;

            // Add vehicle plate ----------------------------------------//
            //$stmt = $mysqli->prepare("SELECT EXISTS(SELECT 1 FROM agentlist WHERE vehicleplate = ?)");
            $stmt = $con->prepare("SELECT count(3) FROM agentlist WHERE vehicleplate = '?'");
            $stmt->bind_param('s', $_POST['vehicleplate']);
            $stmt->execute();
            $stmt->bind_result($exists);
            $stmt->fetch();

            if ($exists) {
                echo 'Vehicle plate already exist! Please enter another.';
            //$_SESSION['error'] = "Vehicle plate already exist! Please enter another.";
            } else {
                $stmt = $con->prepare('INSERT INTO agentlist (vehicleplate, agentname, password, email) VALUES (?, ?, ?, ?)');
                $stmt->bind_param('sssss', $_POST['vehicleplate'], $_POST['agentname'], $password, $_POST['email'], $uniqid);
                $stmt->execute();
            }

            //if($exists) {
            //  $_SESSION['error'] = "Vehicle plate already exist! Please enter another.";
            //} else
            //  if ($stmt = $con->prepare('INSERT INTO agentlist (vehicleplate, agentname, password, email) VALUES (?, ?, ?, ?)')) {
            //  $stmt->bind_param('sssss', $_POST['vehicleplate'], $_POST['agentname'], $password, $_POST['email'], $uniqid);
            //  $stmt->execute();
            //  }
            error_reporting(E_ALL);
            ini_set('display_errors', '1');
            //----------------------------------------------------------//
            header("Location: agent_axa_registration.php"); /*https://w12.financial-link.com.my/PremiumLink3/login?compcode=07&pagePurpose=QUO&agtcode=39962*/
        } else {
            // Incorrect password
            $_SESSION['error'] = "Incorrect password!";
            header("Location: agent_login.php"); //send user back to the login page.
        }
    } else {
        // Incorrect agentname
        $_SESSION['error'] = "Incorrect agentname!";
        header("Location: agent_login.php"); //send user back to the login page.
    }
    //echo 'Welcome ' . $_SESSION['agentname'] . '!';
    //} else {
    // Incorrect password
    //echo 'Incorrect password!';
    //}
    //} else {
    // Incorrect agent name
    //echo 'Incorrect agent name!';
    //}
    $stmt->close();
}

In my database, there are 5 columns - agentcode, agentname, vehicleplate, email, password. But in the agent form, we only need the agent to key in agentcode, agentname, vehicleplate, and password. Email is not necessary for the agent to key in as it's only for admin reference. Is it possible to have only 4 fields in the form instead of all 5 fields? Is the 'sssss' referring to 5 fields?

S.Sachith

1 Answer


The question is still not clear to me, but as far as I can understand, you want to insert data into some column that is not mentioned.

So, as I can see in this query prepare line:

 $stmt = $con->prepare('INSERT INTO agentlist (vehicleplate, agentname, password, email) VALUES (?, ?, ?, ?)');

Here there are only 4 columns that you can insert data into. Those are:

  • vehicleplate
  • agentname
  • password
  • email

But the line that binds parameters into the query has 5 parameters:

$stmt->bind_param('sssss', $_POST['vehicleplate'], $_POST['agentname'], $password, $_POST['email'], $uniqid);

That means you are going to bind 5 parameters into 4 columns in your query.

So here is the solution

As you mentioned in the comments below, I will remove the $uniqid field.
Change your bind parameters line to this code:

$stmt->bind_param('ssss', $_POST['vehicleplate'], $_POST['agentname'], $password, $_POST['email']);

S.Sachith
  • Sorry, forgot to mention that I wanted to insert data into the vehicleplate column. I thought there are 5 parameters - $_POST['vehicleplate'], $_POST['agentname'], $password, $_POST['email'], $uniqid. Or does $uniqid not count as one? Also, just checked again, I did actually get an error message:- – user1427449 Dec 19 '20 at 10:23
  • Fatal error: Uncaught ArgumentCountError: The number of variables must match the number of parameters in the prepared statement in C:\Users\gwyn\Desktop\xampp\htdocs\coverbox\coverbox_new\authenticate.php:44 Stack trace: #0 C:\Users\gwyn\Desktop\xampp\htdocs\coverbox\coverbox_new\authenticate.php(44): mysqli_stmt->bind_param('s', 'ABC123') #1 {main} thrown in C:\Users\gwyn\Desktop\xampp\htdocs\coverbox\coverbox_new\authenticate.php on line 44 – user1427449 Dec 19 '20 at 10:23
  • Exactly what I mentioned: "The number of variables must match the number of parameters in the prepared statement in" – S.Sachith Dec 19 '20 at 10:25
  • Do you want the $uniqid data in your database or not? If yes, remove it from the bind parameter line – S.Sachith Dec 19 '20 at 10:26
  • Actually I've no idea where the uniqueid is from. I just copied from the tutorial and am trying to learn from it. There are only 4 columns in my database - agentcode (this will be auto increment), agentname, vehicleplate and password. – user1427449 Dec 19 '20 at 10:50
  • Okay, I will change the above code, then copy and paste it – S.Sachith Dec 19 '20 at 10:57
  • In my database, there are 5 columns - agentcode, agentname, vehicleplate, email, password. But in the agent form, we only need the agent to key in agentcode, agentname, vehicleplate and password. Email is not necessary for the agent to key in as it's only for admin reference. Is it possible to have only 4 fields in the form instead of all 5 fields? Is the 'sssss' referring to 5 fields? I tried your code but it still gives the same error. – user1427449 Dec 19 '20 at 11:34
  • Yes, it's possible; you have to set the parameters like this: $stmt = $con->prepare('INSERT INTO agentlist (agentcode, agentname, vehicleplate, password) VALUES (?, ?, ?, ?)'); $stmt->bind_param('ssss', $agentcode, $_POST['agentname'], $_POST['vehicleplate'], $password); – S.Sachith Dec 19 '20 at 13:35
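
The stack trace quoted in the comments points at `bind_param('s', 'ABC123')`, the plate lookup, where the placeholder is written as `'?'`: inside quotes it is a string literal, so the statement has zero parameters to bind. The sketch below is an added example, not code from the question or the answer; `runChecked` and `addVehiclePlate` are hypothetical helper names, and it assumes the page's `$con` connection and `agentlist` table, and that the `email` column accepts NULL.

```php
<?php
declare(strict_types=1);

// Throw exceptions on mysqli errors (the default from PHP 8.1 onward).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Prepare, bind and execute, refusing to run unless the placeholder count,
// the type-string length and the number of values all agree.
function runChecked(mysqli $con, string $sql, string $types, ...$values): mysqli_stmt
{
    $stmt = $con->prepare($sql);
    // param_count counts bare ? markers only. A quoted '?' is an ordinary
    // string literal, so "WHERE vehicleplate = '?'" reports 0 placeholders.
    $n = $stmt->param_count;
    if ($n !== strlen($types) || $n !== count($values)) {
        throw new InvalidArgumentException(sprintf(
            'SQL has %d placeholder(s), type string has %d letter(s), %d value(s) given',
            $n, strlen($types), count($values)
        ));
    }
    if ($n > 0) {
        $stmt->bind_param($types, ...$values);
    }
    $stmt->execute();
    return $stmt;
}

// Returns true if the plate was stored, false if it is already in agentlist.
function addVehiclePlate(mysqli $con, string $plate, string $agentName,
                         string $passwordHash, ?string $email = null): bool
{
    $stmt = runChecked($con,
        'SELECT COUNT(*) FROM agentlist WHERE vehicleplate = ?', 's', $plate);
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    if ($count > 0) {
        return false;
    }
    // Four columns, four placeholders, four type letters, four values.
    // Assumption: email is nullable; it is not on the agent form, so NULL is stored.
    runChecked($con,
        'INSERT INTO agentlist (vehicleplate, agentname, password, email) VALUES (?, ?, ?, ?)',
        'ssss', $plate, $agentName, $passwordHash, $email)->close();
    return true;
}

// Call site in the login script, after password_verify() has succeeded:
// $stored = addVehiclePlate($con, $_POST['vehicleplate'], $_POST['agentname'], $password);
```

A UNIQUE index on `vehicleplate` is what actually prevents duplicates when two requests arrive at once; the `SELECT` only lets the script show a friendly message first.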