1

Trying to build a form to add items to a database, but every time i click 'submit' it throws an error, and im having trouble spotting what is wrong.

The code i'm working with, its throwing an error for line 52, which has '));' and i've tried to change it around with no luck. Any help/guidance would be greatly appreciated.

Error message 'Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: parameter was not defined'

<?php

if(isset($_POST['submit'])){

    // Field validation
    if(strlen($_POST['groupname']) == ''){
        $error[] = 'Please enter group/individual name';
    }

    if(strlen($_POST['address1']) == ''){
        $error[] = 'Please enter first line of address';
    }

    if(strlen($_POST['city']) < 2){
        $error[] = 'City field too short.';
    } 
    if(strlen($_POST['postcode']) < 7){
        $error[] = 'Please enter valid postcode.';
    }
    if(strlen($_POST['phone']) < 11){
        $error[] = 'Please enter valid contact number.';
    }
    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
        $error[] = 'Please enter a valid email address';
    } else {
        $stmt = $con->prepare('SELECT email FROM groups WHERE email = :email');
        $stmt->execute(array(':email' => $_POST['email']));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if(!empty($row['email'])){
            $error[] = 'Email provided is already in use.';
        }


        //If no errors - proceed
        if(!isset($error)){

            try {

                //insert into database with a prepared statement
                $stmt = $con->prepare('INSERT INTO groups (groupName,address1,address2,city,postcode,phoneNumber,email,coOrdinator)
                                VALUES (:groupname, :address1, :address2, :city, :postcode, :phone, :email, :co-ordinator)');
                $stmt->execute(array(
                                     ':groupname' => $_POST['groupname'],
                                     ':address1' => $_POST['address1'],
                                     ':address2' => $_POST['address2'],
                                     ':city' => $_POST['city'],
                                     ':postcode' => $_POST['postcode'],
                                     ':phone' => $_POST['phone'],
                                     ':email' => $_POST['email'],
                                     ':co-ordinator' => $_POST['co-ordinator']
                                     ));

                if ( $stmt ){
                    echo "<p>Kit has been added successfully!</p>";
                } else {
                    echo "<p>Sorry, there has been a problem adding the item.</p>";
                }


                exit();

                //else catch the exception and show the error.
            } catch(PDOException $e) {
                $error[] = $e->getMessage();
            }
        }
    }
Improve this question

1 Answer 1

Reset to default
3

Placeholders can't have hyphens in them, they have the same syntax as SQL identifiers (except for the : prefix). Change :co-ordinator to :coordinator.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks alot! Definately wont forget that in future!
you can use underscores though. Which ever parameter naming strategy you use try to make sure its unique to only those parameters and used globally it will ease in reading the code. It goes for all attributes, methods etc you don't have to follow a coding standard. its not recommended but as long as you are consistent you can make your own standard.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.