
Trying to insert a single row into my table. Having a mare, tried to use tens of examples on the tinterweb to no success, I must just not understand how PDO works yet.

$stmt = $dbh->prepare ("INSERT INTO table_name (date, link, desc) 
VALUES (:date,:name,:desc)");
$stmt -> bindParam(':date', $date);
$stmt -> bindParam(':name', $name);
$stmt -> bindParam(':desc', $desc);
$stmt -> execute();

move_uploaded_file($_FILES["file"]["tmp_name"], $upload);    

Comments:
  • Then your code is vulnerable to SQL injection (Commented Apr 8, 2013 at 8:30)
  • via the <select> tag (Commented Apr 8, 2013 at 8:32)

1 Answer

  1. You shouldn't allow any direct input to your query from the user.
  2. There shouldn't be user-defined table names either. Your database structure is wrong. It ought to be a single predefined table to store data for all users. So, it must be field content, not a table name.
  3. You need to connect to PDO first, and do it properly. See the example in the PDO tag wiki.
  4. So, you'll be able to see errors.
  5. From the error you have to know that desc is a reserved word and has to be formatted.

So, the code has to be

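// table_name as in the question (a bare `table` is itself a reserved word);
// `desc` is reserved too, so it is backtick-quoted.
$stm = $dbh->prepare("INSERT INTO table_name (date,link,`desc`,type) VALUES (?,?,?,?)");
// Positional placeholders: the values are bound in order at execute().
$stm->execute(array($date,$name,$desc,$type));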

move_uploaded_file($_FILES["file"]["tmp_name"], $upload);   
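
The answer's five points put together in one script, as an added example that is not the answerer's code. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for MySQL so it runs without a server, and the table name `uploads`, the function `insertUpload` and the allow-list values are hypothetical.

```php
<?php
// Added example. Assumption: in-memory SQLite so it runs offline;
// for MySQL only the DSN and credentials change.
$dbh = new PDO('sqlite::memory:');
// Points 3-4: make PDO throw, so a failed prepare/execute is visible.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Point 2: one predefined table; the category is a column, not a table name.
// Point 5: `desc` is a reserved word, so it is backtick-quoted.
$dbh->exec('CREATE TABLE uploads (date TEXT, link TEXT, `desc` TEXT, type TEXT)');

// Hypothetical allow-list for the value submitted by the <select> element.
const ALLOWED_TYPES = ['photo', 'video', 'document'];

function insertUpload(PDO $dbh, string $date, string $name, string $desc, string $type): int
{
    // Point 1: the submitted value is checked, then bound as data only.
    if (!in_array($type, ALLOWED_TYPES, true)) {
        throw new InvalidArgumentException('unknown type');
    }
    $stm = $dbh->prepare(
        'INSERT INTO uploads (date, link, `desc`, type) VALUES (?, ?, ?, ?)'
    );
    $stm->execute([$date, $name, $desc, $type]);
    return $stm->rowCount();
}

// Constructed sample input standing in for the submitted form fields.
echo insertUpload($dbh, '2013-04-08', 'report.pdf', "Q1 'draft' report", 'document'),
     " row inserted\n";

// The question's statement with the unquoted reserved word: with exception
// mode on, the syntax error is reported instead of passing silently.
try {
    $dbh->prepare('INSERT INTO uploads (date, link, desc) VALUES (:date, :name, :desc)');
} catch (PDOException $e) {
    echo 'prepare failed: ', $e->getMessage(), "\n";
}

// A value outside the allow-list never reaches the SQL text.
try {
    insertUpload($dbh, '2013-04-08', 'notes.txt', 'test', 'other_table');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```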