Uploading to database

Question

toxicandy 2 Junior Poster

10 Years Ago

So I have a website that will upload a volunteer html form to our php database, I have most of the PHP working but a few main parts.

Part1: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens in /home/petrzilk/public_html/Database/update.php on line 192 I know this means that I have too many tokens because some of the inputs are empty, how do I fix something like this.

Part2: I have sanitized inputs but my arrays of check boxes would no work unless I user $_POST, is that still secure? Everything else is Sanitized and my dates are read in the format YYYY-MM-DD so from my understanding if I sanitize ints it will only keep numbers and addition and subtraction symbols so it should work.

And lastly I just want to make sure that everything I am doing is secure and correct. I am a beginner at this but I want to avoid every volubility I can.

PHP CODE: http://pastebin.com/W3Pvc6xw
HTML CODE: http://pastebin.com/EMjnibtD

php

2 Contributors
4 Replies
177 Views
1 Hour Discussion Span
Latest Post 10 Years Ago Latest Post by pritaeas

pritaeas 2,194 ¯\_(ツ)_/¯

10 Years Ago

insert into VolunDB
(fname, middle, lname, address, city, state, zip, county, mailing, hphone, ,mphone, wphone, ext, fax, email, ethgroup, other1, occupation, poe, dob, gender, disastervoln, scounty, other2, vskills, interpt, cdl, cpryn, faid, translate, other3, license1, verf1, num1, exp1, license2, verf2, num2, exp2, license3, verf3, num3, exp3, license4, verf4, num4, exp4, license5, verf5, num5, exp5, lsrd, syes, bcert, pauth, etrain, dist1, tdate1, dist2, tdate2, dist3, tdate3, dist4, tdate4, dist5, tdate5, felony, felonys, ehome, erelationship, ehphone, eaddress, ecity, ezip, hdyhau, bdesc) 
values (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)

The number of question marks should match the number of columns. Start counting ;) Next, the number of bindParam's should match the number of question marks.

Update:
The problem is that you use 1 on on all bindParam lines, they should increment.

Edited 10 Years Ago by pritaeas

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

toxicandy 2 Junior Poster · Answer 1 · 2014-07-29T13:33:38+00:00

I did check that, there ae 76 fields and 76 question marks, the reason I feel it is givng the error is because some fields are not filled out, if someone doesn't have anything that fits into something they will leave it blank and so it is an empty variable trying to be added which I don't know if that is why it is causing it to fail. I don't know if there is a way to fix that or if I would have to go into every input statement and check if it is empty and manually add something if it is empty.

toxicandy 2 Junior Poster · Answer 2 · 2014-07-29T14:10:36+00:00

Part one works and everything uploads fine now, thanks for point that out Pritaeas, I don't know how I skipped over it. My last question stands though, is that code secure?

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 3 · 2014-07-29T14:37:42+00:00

You sanitize your input and use parameter binding, so you have a head start.