So, I'm using prepared statements from PHP to insert an entry from my text field into my database, and when using this prepared statement, the data does get inserted successfully, however, I get this error message:

Error: INSERT INTO posts (firstname, lastname, body, date_posted) VALUES (?, ?, ?, NOW())
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '?, ?, ?, NOW())' at line 1 -->

Any clue on what's occurring? Thanks for the help. PHP code:

```php
<?php

session_start();

// Making Connection To The Database

$dbHost = "localhost";
$dbUser = "root";
$dbPass = "";
$database = "signup";

$connection = mysqli_connect($dbHost, $dbUser, $dbPass, $database) or die ("Sorry, we could not connect to the database");

// Posting System

if (!empty($_POST['postContent'])) {
  $post = $_POST['postContent'];
  $firstname = $_SESSION['firstname'];
  $lastname = $_SESSION['lastname'];

  $sql = "INSERT INTO posts (firstname, lastname, body, date_posted) VALUES (?, ?, ?, NOW())";
  $stmt = mysqli_stmt_init($connection);
  // nested if statement
  if (!mysqli_stmt_prepare($stmt, $sql)) {
    echo "";
  } else {
    mysqli_stmt_bind_param($stmt, "sss", $firstname, $lastname, $post);
    mysqli_stmt_execute($stmt);
  }
} else {
  echo "";
}

if (mysqli_query($connection, $sql)) {
  echo "";
} else {
  echo "Error: " . $sql . "<br>" . mysqli_error($connection);
}

?>
```
  • Get rid of `if (mysqli_query($connection, $sql)) {` That would execute the query a second time, but that doesn't take prepared statements. Your `mysqli_stmt_execute($stmt);` is correct to execute. Replace your `echo "";` with error handling and delete the latter conditional block. – user3783243 Nov 07 '21 at 13:54
  • What do you mean by "latter conditional block"? –  Nov 07 '21 at 13:58
  • Delete this whole block, https://3v4l.org/05bWK – user3783243 Nov 07 '21 at 13:59
  • I removed the query. It's working now. Thanks! –  Nov 07 '21 at 13:59
  • You should really never have `echo "";`. That does nothing and I think could just cause issues with the output buffer – user3783243 Nov 07 '21 at 14:00
  • Ok, so how could I replace echo ""; ? –  Nov 07 '21 at 14:02
  • Also, what's occurring is, when I make the post, it reloads the page and inserts the data, which is good. However, if I reload the page, it sends another identical entry into the database. How can we fix this? –  Nov 07 '21 at 14:04
  • Use a session or cookie and check that the value is set, if set process and delete, subsequent loads then wouldn't have the value. Replacement of the nothing echo varies by place, for example in first block just using inverse conditional would have done it, https://3v4l.org/HOF6g. In your cases here you should add the error reporting in case there is an error... I think best practices for mysqli though are using exceptions. – user3783243 Nov 07 '21 at 14:07
  • Ok thanks. If possible, could you please also look at this question and try to give an answer. Thanks a lot! I got an answer, but check the comments to them. Thanks! Question: https://stackoverflow.com/questions/69870070/issue-regarding-text-redirect-which-shouldnt-occur/69870154#69870154 –  Nov 07 '21 at 14:24
  • The answer to that question was AJAX. https://learn.jquery.com/ajax/ – user3783243 Nov 07 '21 at 14:29
  • I know what AJAX is. Could you maybe describe an AJAX code sample for it? –  Nov 08 '21 at 03:23
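
The handler with the changes suggested in the comments, as an added example that is not code from the question or from any commenter: the statement is executed once, mysqli errors are raised as exceptions and logged instead of echoed, and a single-use session token stops a reload from inserting the row again. The `postToken` form field, the `FORM_URL` path and the redirect after the POST are assumptions of this example.

```php
<?php
// Added example. Assumes the form has a hidden "postToken" field (hypothetical
// name) filled from $_SESSION['postToken'], and that login set firstname/lastname.
session_start();

const FORM_URL = '/posts.php';   // hypothetical path of the page showing the form

// Make mysqli throw mysqli_sql_exception instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Insert one post; the statement is prepared, bound and executed exactly once. */
function savePost(mysqli $db, string $first, string $last, string $body): void
{
    $sql = "INSERT INTO posts (firstname, lastname, body, date_posted) VALUES (?, ?, ?, NOW())";
    $stmt = $db->prepare($sql);
    $stmt->bind_param("sss", $first, $last, $body);
    $stmt->execute();   // no mysqli_query($db, $sql) afterwards: it cannot bind the ? markers
    $stmt->close();
}

/** True only the first time a token is submitted; the stored token is then deleted. */
function consumeToken(array &$session, $submitted): bool
{
    $expected = $session['postToken'] ?? null;
    unset($session['postToken']);   // single use: a re-sent POST fails the check
    return is_string($expected) && is_string($submitted)
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST['postContent'])
        && isset($_SESSION['firstname'], $_SESSION['lastname'])) {
    if (consumeToken($_SESSION, $_POST['postToken'] ?? null)) {
        try {
            $db = new mysqli("localhost", "root", "", "signup");
            savePost($db, $_SESSION['firstname'], $_SESSION['lastname'], $_POST['postContent']);
        } catch (mysqli_sql_exception $e) {
            error_log($e->getMessage());   // details go to the server log, not the page
            http_response_code(500);
            exit("Sorry, the post could not be saved.");
        }
    }
    // Redirect so that a reload issues a GET instead of re-sending the POST.
    header("Location: " . FORM_URL);
    exit;
}

// GET: issue a fresh token for the form's hidden postToken field.
$_SESSION['postToken'] = bin2hex(random_bytes(16));
```

Logging the exception rather than echoing `mysqli_error()` keeps the query text and schema details out of the response.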
