1

I have a form which has two different actions, one to delete the corresponding MySQL row, the other save it to another database. The delete function works fine, but the save function does not. I'm kind of at a loss at what exactly is wrong, any help is appreciated!

Here's the save/delete code:

if (isset($_POST['save'])) {
    include('publishmod.php');
} elseif (isset($_POST['delete'])) {
    include('deleterequest.php');
} else {
}

while ($row = mysqli_fetch_assoc($result)) {

If statements omitted, unimportant to question. Here is the form:

echo "<form name=\"editmod\" id=\"editmod\" method=\"post\">";
   echo "<tr class='modlist'>";
   echo "<td>".$row['id']."</td>";
   echo "<td><div class=\"edit\" id=\"div_1\">".$row['title']."</div></td>";
   echo "<td><div class=\"edit\" id=\"div_2\"><a href=".$row['mod_url'].">".$row['mod_url']."</a></div></td>";
   echo "<td><div class=\"edit\" id=\"div_3\">".$row['developer']."</div></td>";
   echo "<td><div class=\"edit\" id=\"div_4\">".$row['type']."</div></td>";
   echo "<td><div class=\"edit\" id=\"div_5\">".$v162."$nbsp".$v164."$nbsp".$v172."</div></td>";
   echo "<td><div class=\"edit\" id=\"div_6\">".$row['title'].",$nbsp".$row['developer']."</div></td>";
   echo "<td><input type=\"submit\" name=\"save\" value=\"Save\" id=\"save\"></td>";
   echo "<td><input type=\"submit\" name=\"delete\" value=\"Delete\" id=\"delete\"></td>";
   echo "</tr>";
   echo '<input type="hidden" name="title" value="', htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), '" />';
   echo '<input type="hidden" name="mod_url" value="', htmlspecialchars($row['mod_url'], ENT_QUOTES, 'UTF-8'), '" />';
   echo '<input type="hidden" name="developer" value="', htmlspecialchars($row['developer'], ENT_QUOTES, 'UTF-8'), '" />';
   echo '<input type="hidden" name="type" value="', htmlspecialchars($row['type'], ENT_QUOTES, 'UTF-8'), '" />';
   echo '<input type="hidden" name="v162" value="', htmlspecialchars($row['v162'], ENT_QUOTES, 'UTF-8'), '" />';
   echo '<input type="hidden" name="v164" value="', htmlspecialchars($row['v164'], ENT_QUOTES, 'UTF-8'), '" />';
   echo '<input type="hidden" name="v172" value="', htmlspecialchars($row['v172'], ENT_QUOTES, 'UTF-8'), '" />';
   echo '<input type="hidden" name="id" value="', htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'), '" />';
   echo "</form>";

Yes, I am aware it has some HTML tag problems, working on that later.

publishmod.php (the save page) code:

$title = $_POST['title'];
$desc = "HowToInstallMods.com installation tutorial for '.$title.'";
$url = ereg("^[A-Za-z_\-]+$", $title) + ".php";
$keywords = "'.$title.','.$_POST['developer'].'";

// Query

Simple MySQLi connection and error check omitted.

$stmt = $mysqli->prepare("INSERT INTO search (title, description, url, keywords, type, mod_url, developer, v162, v164, v172) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssssssiii", $_POST['title'], $desc, $url, $keywords, $_POST['type'], $_POST['mod_url'], $_POST['developer'], $_POST['v162'], $_POST['v164'], $_POST['v172']);
$stmt->execute();
$stmt->close();

Thanks is advance.

UPDATES:

A solution has not yet been found, but here are the changes that have been made so far from people's fixes/suggestions:

  • Fixed unmatched $_POST values (thanks to gfrobenius)
  • Fixed mistake from previous code, which was an if statement, and converted to regular variable (thanks to Arian)
  • Added missing single quotes between values in query (thanks to damok6)
Improve this question
7
  • Try using print_r($mysqli->errorInfo()); after the execute to see if the pdo statement produces an error. Commented Dec 27, 2013 at 23:23
  • @ssergei Added that before the $stmt->execute();, no error was shown, and after the $stmt->close(); separately, still no error. I still would not rule out that the statement isn't being run for some reason, but as far as I can see the statement seems like it be being executed. Commented Dec 27, 2013 at 23:27
  • Add it after the execute but before the close. Commented Dec 27, 2013 at 23:31
  • @ssergei Yep, tried that first, did not print any errors. Commented Dec 27, 2013 at 23:34
  • If you are not seeing errors and you are not seeing a record inserted then it seems logical to make sure that code is even being reached. Put a var_dump($_POST); die(); IMMEDIATELY before your $mysqli->prepare... let us know if you see anything. Then try what I suggested in my updated answer below. Commented Dec 27, 2013 at 23:39

3 Answers 3

Reset to default
1

One issue that I can quickly see is that the line

$stmt->bind_param("sssssssiii", $_POST[title], $desc, $url, $keywords, $_POST[type], $_POST[mod_url], $_POST[developer], $_POST[v162], $_POST[v164], $_POST[v172]);

is missing all necessary quotation marks for the keys in the $_POST variable, and should read:

$stmt->bind_param("sssssssiii", $_POST['title'], $desc, $url, $keywords, $_POST['type'], $_POST['mod_url'], $_POST['developer'], $_POST['v162'], $_POST['v164'], $_POST['v172']);

Another issue is that the prepared statement

$stmt = $mysqli->prepare(...)

has 10 '?'s and there are 11 parameters in the bind_param(...) statement.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Fixed that, thank you, still no solution yet though.
Cool. Would you mind modifying the original question with that fix to prevent other people offering a similar redundant answer to me. :)
I'm counting 10 for all sections.
1

You have what seems to be an extra ) { at the end of your prepare statement, it should just be a ;

 VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
                                          ^ what is going on here?
Improve this answer

3 Comments

Missed it when I changed it over from an if statement, thanks, but still not luck with the saving.
you should really post the code in your file, instead of changing it before posting it here... we can't find the bug if you are changing numerous things for posting it on SO
I have a hard time believing that, because again, you have two parentheses at the end of your prepare statement )); this would generate a php error easy to see.
1

Not sure if you trimmed your form in order to keep your question short but I don't see any of the $_POST vars you are trying to insert. So it could be erroring because those $_POST vars don't exist and depending on your error settings you may not see the error.

--UPDATED-- Let's rule out one little thing at a time. Please replace your $stmt->bind_param line with this one really quick and just try it and see if anything gets in.

$stmt->bind_param("sssssssiii", 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7', 1, 2, 3);
Improve this answer

4 Comments

Added the rest of the form, should be a little bit clearer now.
Is some other code turning those divs into fields? Because I still don't see the $_POST vars you are attempting to insert. I suggest doing var_dump($_POST); die(); right before your insert and making sure they are all present. Example: you are trying to insert "developer" but your hidden is named "dev".
Okay, updated a few things that didn't match, let me know if you see anything else.
Alright, switched out the line, still no row created, I also have it print any errors, which it did not.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.