Member Avatar for phaea

I've spent a good few hours trying to find the answer to this, even though it seems simple. I know that this error is usually a result of a quote being wrong, but this is the first time I've used PDO and I've tried various combinations of quotes, using BindParam instead of executing with an array, etc. Either this issue is a bit more complicated than that or I'm blind from staring at the code for too long. :)

<?php
    $name = $_POST['name'];
    $table = $_POST['type'];
    $largepath = $_POST['largeimagepath'];
    $smallpath = $_POST['smallimagepath'];

    $name = htmlentities($name);
    $table = htmlentities($table);
    $largepath = htmlentities($largepath);
    $smallpath = htmlentities($smallpath);

    $connection = new PDO('mysql:host=xxx;dbname=xxx',xxx,xxx);
    $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = "INSERT INTO :table (name,imagepath,thumbimagepath) VALUES (:name,:image,:thumb)";
    $query = $connection->prepare($sql);


    $query->execute(array(":table"=>$table,
                          ":name"=>$name,
                          ":image"=>$largepath,
                          ":thumb"=>$smallpath));

    if($query->rowCount()) {
        echo "Inserted correctly";
    } else {
        echo "Failure inserting";
    }
?>

The error shows up on the line "$query->execute(array":table"=>$table,". When I had that changed to bindparams before the execute though, the error showed up only on the second bindparam, although the two were identical. Very strange. Am I missing something really obvious here?

Edited by pritaeas because: Removed credentials.
  • 2 Contributors
  • 9 Replies
  • 862 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by phaea
Member Avatar for diafol

Don't you need to enclose the username and password within quotes?

Can't see anything obvious.

Member Avatar for phaea

I did try that and came up with the same error. Also tried enclosing the entire host/dbname in that line in double quotes, then the dbname in single quotes since that was how one version of it online was formatted.

Member Avatar for phaea

Ah I had such high hopes but I'm getting the same errors! I changed that part of the code to:

if ($table === "dresses")
    $sql = "INSERT INTO dresses (name,imagepath,thumbimagepath) VALUES (:name,:image,:thumb)";

and removed all instances of :table but have still gotten that same error.

Member Avatar for diafol

You probably don't have to hard code the table. Something like this could work:

$accept_tables = array("dresses","shirts","jeans","socks","ties");

if(in_array($table, $accept_tables)){
    $sql = "INSERT INTO $table (name,imagepath,thumbimagepath) VALUES (:name,:image,:thumb)";
}

However, I wonder about your schema. Do you really need all those different tables? Why not something liek this...

id | prod_type | name | image | thumbimagepath

Where prod_type would be an integer relating to dresses, shirts etc.

Anyway, I'm rambling...

Try using some hard-coded values in the SQL and do an empty execute:

$sql = "INSERT INTO dresses (name,imagepath,thumbimagepath) VALUES ('bigone','dress1.png','thumbdress1.png')";
$query = $connection->prepare($sql);
$query->execute();

See if it works.

Member Avatar for phaea

I think you're right about the table. I'm still early in the process of coding this (obviously), so I think I'll change to your suggestion. Thank you :)

I hard-coded values and got the same error though. I also tried just using the variables directly and that also failed. :/

Member Avatar for diafol

Well, it seems that your connection details are valid or you'd get a thrown exception. It seems that perhaps your fieldnames or tablename may be wrong. Could you copy the error code / exception string here?

Member Avatar for phaea

Parse error: syntax error, unexpected T_STRING in /home/a7857788/public_html/addclothes.php on line 40

There's some HTML before it so the line number isn't accurate, but that's what it says when I submit the form from the previous page to this one. I double-checked the variable match as well, and the table name/field names and they all match as well. :( I don't really think it's relevant but I'm really at a loss, this is the HTML before it:

<html>
<head>
<title>Clothing Added</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head><body>

<div id="centeredmenu">
   <ul>
      <li><a href="index.html">Home</a></li>
      <li><a href="#">View Item Gallery</a>
         <ul>
            <li><a href="#">All</a></li>
            <li><a href="#">Dresses</a></li>
            <li><a href="#">Tops</a></li>
            <li><a href="#">Bottoms</a></li>
        <li><a href="#">Shoes</a></li>
            <li><a href="#">Accessories</a></li>
         </ul>
      </li>
      <li class="active"><a href="add.php">Add Item</a>
      </li>
      <li><a href="#">View Item List</a>
      </li>
   </ul>
</div>
Member Avatar for phaea

It worksss!! I'm honestly not sure what I did, but now it looks like this:

<?php
    $name = $_POST['name'];
    $table = $_POST['type'];
    $largepath = $_POST['largeimagepath'];
    $smallpath = $_POST['smallimagepath'];


    $connection = new PDO("mysql:host=mysql4.000webhost.com; dbname=a7857788_clothes", a7857788_nbrooks, Samson92);
    $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  if ($table === "dresses")
    $sql = "INSERT INTO dresses (name, imagepath, thumbimagepath) VALUES (:name,:bigurl,:smallurl)";
    $query = $connection->prepare($sql);

    $query->execute(array(':name'=>$name,':bigurl'=>$largepath,':smallurl'=>$smallpath));

?>

Thank you so much for your patient help!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.