Does anyone know why I am getting this error in my code? It's also appearing on the two lines below it as well. I thought it might've been something wrong with my query, but my query seems correct to me. I also thought it could possibly be to do with the 's' in mysqli_stmt_bind_param, but I'm really not sure, so any help would be awesome.

makeabooking.php code:

```php
<!DOCTYPE HTML>
<html><head><title>Make a Booking</title> </head>
 <body>

<?php
//function to clean input but not validate type and content
function cleanInput($data) {
  return htmlspecialchars(stripslashes(trim($data)));
}

//the data was sent using a form, therefore we use $_POST instead of $_GET
//check if we are saving data first by checking if the submit button exists in the array
if (isset($_POST['submit']) and !empty($_POST['submit']) and ($_POST['submit'] == 'Book')) {
//if ($_SERVER["REQUEST_METHOD"] == "POST") { //alternative simpler POST test
  include "config.php"; //load in any variables
  $DBC = mysqli_connect("127.0.0.1", DBUSER, DBPASSWORD, DBDATABASE);

  if (mysqli_connect_errno()) {
    echo "Error: Unable to connect to MySQL. ".mysqli_connect_error();
    exit; //stop processing the page further
  }

  //validate incoming data - only the first field is done for you in this example - rest is up to you to do

  //customernumber
  $error = 0; //clear our error flag
  $msg = 'Error: ';
  if (isset($_POST['contactnumber']) and !empty($_POST['contactnumber']) and is_string($_POST['contactnumber'])) {
    $cn = cleanInput($_POST['contactnumber']);
    //check length and clip if too big (offset 0 keeps the first character)
    $contactnumber = (strlen($cn) > 50) ? substr($cn, 0, 50) : $cn;
    //we would also do context checking here for contents, etc
  } else {
    $error++; //bump the error flag
    $msg .= 'Invalid'; //append error message
    $cn = '';
  }

  //save the customer data if the error flag is still clear
  if ($error == 0) {
    $query = ("INSERT INTO booking contactnumber VALUES (?)");
    $stmt = mysqli_prepare($DBC, $query); //prepare the query
    mysqli_stmt_bind_param($stmt, 's', $contactnumber); //bind the clipped value
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    echo "<h2>Booking saved</h2>";
  } else {
    echo "<h2>$msg</h2>".PHP_EOL;
  }
  mysqli_close($DBC); //close the connection once done
}
?>

<form method="post" action="makeabooking.php">
<p>
<label for="contactnumber">Contact number: </label>
<input type="text" id="contactnumber" name="contactnumber" required>
</p>
<input type="submit" name="submit" value="Book">
</form>
</body>
</html>
```
Ty Bown
  • The query isn't prepared correctly (`INSERT INTO booking contactnumber VALUES (?)` is probably `INSERT INTO booking (contactnumber) VALUES (?)`). Always check the result from the `mysqli_prepare()` call. – Zhorov Jan 28 '21 at 07:56

1 Answer


`INSERT INTO booking contactnumber`

isn't correct, no. Assuming contactnumber is a column name then

`INSERT INTO booking (contactnumber) ...`

would be correct.

Documentation: https://dev.mysql.com/doc/refman/8.0/en/insert.html

See also this guide on how to get the real mysqli error, to make it easier to fix problems like this: https://stackoverflow.com/a/22662582/5947043

ADyson
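
One way to act on both the comment's advice to check `mysqli_prepare()` and the answer's pointer to getting the real mysqli error, as an added example that is not code from the question or the answer. It assumes the question's `config.php` constants and a `booking` table with a `contactnumber` column; `validContactNumber()`, its pattern and `saveBooking()` are hypothetical names chosen for illustration.

```php
<?php
// Added example. With this report mode a failed prepare/bind/execute throws
// mysqli_sql_exception instead of returning false and failing on the next line.
// (This mode is the default from PHP 8.1 onward; setting it is harmless there.)
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical rule: optional leading +, then 6-20 digits, spaces or hyphens.
function validContactNumber(string $raw): ?string {
    $value = trim($raw);
    return preg_match('/^\+?[0-9 \-]{6,20}$/', $value) === 1 ? $value : null;
}

function saveBooking(mysqli $db, string $contactNumber): void {
    // Column list in parentheses; the value only ever travels as a bound parameter.
    $stmt = $db->prepare('INSERT INTO booking (contactnumber) VALUES (?)');
    $stmt->bind_param('s', $contactNumber);
    $stmt->execute();
    $stmt->close();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $input = $_POST['contactnumber'] ?? '';
    $contactNumber = is_string($input) ? validContactNumber($input) : null;

    if ($contactNumber === null) {
        echo '<h2>Error: Invalid contact number</h2>';
    } else {
        try {
            require 'config.php'; // defines DBUSER, DBPASSWORD, DBDATABASE
            $db = new mysqli('127.0.0.1', DBUSER, DBPASSWORD, DBDATABASE);
            saveBooking($db, $contactNumber);
            $db->close();
            // Store the raw validated value; escape only when writing it into HTML.
            echo '<h2>Booking saved for ' . htmlspecialchars($contactNumber) . '</h2>';
        } catch (mysqli_sql_exception $e) {
            // The full detail (e.g. the SQL syntax error) goes to the server log;
            // the visitor sees a generic message with no schema or query text.
            error_log('Booking insert failed: ' . $e->getMessage());
            echo '<h2>Sorry, the booking could not be saved.</h2>';
        }
    }
}
```

With the unparenthesised query from the question in place of the corrected one, `prepare()` would throw here and the syntax error would appear in the server log rather than as a failure on the `bind_param` line.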