0

I am trying to create a script which uploads an electronic signature to the customers record, I am getting the ID but am not able to create the entry on the database and there is no error message being produced in the logs, simply refreshes the page.

Here is what I have so far.

Code

<?php
include '../../main.php';
check_loggedin($pdo);
$msg    =   null;
$date = new DateTime();
$totay_date = $date->format('Y-m-d\TH:i:s');

    $folderPath = "upload/";
    $image_parts = explode(";base64,", $_POST['signature']);
    $image_type_aux = explode("image/", $image_parts[0]);
    $image_type = $image_type_aux[1];
    $image_base64 = base64_decode($image_parts[1]);
    $file = $folderPath . $name . "_" . uniqid() . '.' . $image_type;
    file_put_contents($file, $image_base64);

if (isset($_GET['id'])) {

    $stmt = $pdo->prepare('SELECT * FROM contacts WHERE id = ?');
    $stmt->execute([$_GET['id']]);
    $contact = $stmt->fetch(PDO::FETCH_ASSOC);

    $stmt = $pdo->prepare('SELECT id,username FROM accounts');
    $stmt->execute();
    $all_account_info = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if(isset($_POST['$name']) == null || isset($_POST['$file'])){
        $msg    =   '';
    }else{
        $id = isset($_POST['id']) && !empty($_POST['id']) && $_POST['id'] != 'auto' ? $_POST['id'] : auto;
        $stmt = $pdo->prepare('INSERT INTO esign VALUES (?, ?, ?, ?)');
        $result = $stmt->execute([$id, $_GET['id'], $_POST['name'], $_POST['$file']]);
        $msg    =   "Signature has been recorded.";

    }

    if (!$contact) {
        exit('Help');
    }
} else {
    exit('No ID specified!');
}

?>

Form

<form action="add-sig.php?id=<?=$contact['id']?>" method="post">
                                <h1>Signature Pad</h1>
                                <div class="col-md-12">
                                    <label class="form-label" for="name">Name</label> <input class="form-control" id="name" name="name" required="" type="text">
                                </div>
                                <div class="col-md-12">
                                    <label class="" for="">Signature:</label><br>
                                    <div id="sig"></div><br>
                                    <textarea id="signature64" name="signature" style="display: none"></textarea>
                                    <div class="col-12">
                                        <button class="btn btn-sm btn-warning" id="clear">&#x232B;Clear Signature</button>
                                    </div>
                                </div><br>
                                <button class="btn btn-success" name="submit" type="submit">Submit</button>
                            </form>
                        </div>

Database

  `id` int(11) NOT NULL,
  `client_id` int(11) NOT NULL,
  `name` varchar(100) NOT NULL,
  `signature_img` varchar(255) NOT NULL

It loads the ID when clicking add signature and the address link looks something like add-sig.php?id=29 when accessing the page from the clients record page.

When I am in the clients record, I would like to be able to view the signature on their record.

The form converts the signature into an image file.

Ahmed Syed
  • 1,179
  • 2
  • 18
  • 44
  • [Why does this PDO statement silently fail?](https://stackoverflow.com/questions/32648371/why-does-this-pdo-statement-silently-fail) might be worth reading. – ADyson Jul 15 '22 at 14:53
  • Although, have you determined that the PDO statement is actually executed at all? Try doing some [basic debugging](https://www.atatus.com/blog/debugging-in-php/) then you can get beyond seeing just the basic symptoms and look at what precisely the code is doing. – ADyson Jul 15 '22 at 14:55
  • 1
    Where is `$_POST['$file']` supposed to come from? I don't see that in your form. Is there some JavaScript you're not showing, to generate that? Even if it does get posted, `|| isset($_POST['$file']` will ensure that the code therefore never executes the statement. And `$_POST['id'] : auto` looks like a syntax error - should it be a string at the end? `if(isset($_POST['$name']) == null` makes no sense either - isset() always returns true or false, it cannot return null. – ADyson Jul 15 '22 at 15:00
  • 2
    I'm thinking you probably meant to write just `$file` instead of `$_POST['$file']` in the execute() statement, and `if(!isset($_POST['name']) || !isset($_POST['signature']))` (note the lack of `$`s!) in the if statement. And it would also make sense to move the code which saves the file inside the `else`, so that it only runs if some data was actually uploaded. – ADyson Jul 15 '22 at 15:21
  • No problem. Please learn how to do more debugging so that you can at least narrow your code down to a specific problem area, even if you don't immediately know how to fix it. Eventually with experience you'll be able to spot this kind of thing just by reading the code, as I did – ADyson Jul 15 '22 at 16:41

0 Answers0