SQL error with inserting

Question

toxicandy 2 Junior Poster

10 Years Ago

I have the following code:

<?php

$fieldsClause = array();
$bindArray = array();

$fields = array('status','fname','middle','lname','address','city','state','zip','county','mailing','hphone','mphone','wphone','ext','fax','email','ethgroup','other1','occupation','poe','dob','gender','bhv','mrc','general','evv','allCounties','fillmore','johnson','otoe','richardson','seward','butler','gage','lancaster','pawnee','saline','thayer','cass','jefferspm','nemaha','polk','saunders','york','other2','aro','clergy','intskills','bus','child','law','cpr','data','security','emergency','computer','mechanical','administration','firstaid','translation','construction','basicclean','foodprep','animalcare','heavy','dataentry','identification','phone','runner','greeter','interviewer','safety','other2','interpt','cdl','cpryn','translate','other3','license1','verf1','num1','exp1','license2','verf2','num2','exp2','license3','verf3','num3','exp3','license4','verf4','num4','exp4','license5','verf5','num5','exp5','lsrd','syes','bcert','pauth','dist1','tdate1','dist2','tdate2','dist3','tdate3','dist4','tdate4','dist5','tdate5','felony','felonys','ename','erelation','ehphone','eaddress','ecity','ezip','hdyhau','bdesc','record');

foreach($fields as $field){
 if($san = filter_input(INPUT_POST, $field, FILTER_SANITIZE_STRING)) {
     $fieldClause[] = "`$field` = :$field";
     $bindArray[":field"] = $san;
 }
}
$sql = "INSERT INTO volunDB(";
if (!empty($fieldClause)) $sqlF = implode(', ', $fieldClause);
$stmtString = $sql;
if(isset($sqlF)) {
    $stmtString .= $sqlF .")";
}
$dbh = new PDO('mysql:host=localhost;dbname=petrzilk_test;charset=utf8','petrzilk_dbAdmin', '');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
echo $stmtString;
$stmt = $dbh->prepare($stmtString);
$stmt->execute($bindArray);

And I get an error:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '= ?, fname = ?, middle = ?, lname = ?, address = ?, county = ?, ethgroup = ?, ge' at line 1' in /home/petrzilk/public_html/Database/testaddVolunteer.php:24 Stack trace: #0 /home/petrzilk/public_html/Database/testaddVolunteer.php(24): PDO->prepare('INSERT INTO vol...') #1 {main} thrown in /home/petrzilk/public_html/Database/testaddVolunteer.php on line 24

I am trying to simplify the following code: http://pastebin.com/8He9JYRt

I am going off of a code that diafol helped with. The code that is working that this is based off of is for searching. The code can be seen: http://pastebin.com/PE70ucux

Am I missing something huge here or am I just missing a minor detail. I've tried debugging, but I can't seem to figure out the exact problem. The only thing I could think of was if something like fname, lname, ... VALUES :fname, :lname, ... had to be done or if I can do the fname = :fname, lname = :lname, ...

php

Edited 10 Years Ago by JorgeM because: moved to php

2 Contributors
6 Replies
267 Views
2 Days Discussion Span
Latest Post 10 Years Ago Latest Post by toxicandy

diafol

10 Years Ago

bit confused as the code you paste here is not the one causing the error. it is your pastebin code (first link).

diafol

10 Years Ago

Ok. The VALUES clause values look fine. The fields values look ok too - I can't see any reserved words there.

if($san = filter_input(INPUT_POST, $field, FILTER_SANITIZE_STRING)) {
     if ($san == "") {
         $field = "";
     }
     $fieldClause[] = "`$field`";
     $valuesClause[] = ":$field";
     $bindArray[":field"] = $san;
}

May be wrong:

$bindArray[":field"] = $san;

should be

$bindArray[":$field"] = $san;

Also this:

if ($san == "") {
  $field = "";
}

Not sure what that's supposed to do.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

toxicandy 2 Junior Poster · Answer 1 · 2014-09-13T20:28:49+00:00

The pastebin code works, when I switch the page back to it the code works fine and everything is sent to the database just fine. But when I use the code that is in the thread it doesn't work and gives me the error listed above

diafol · Answer 2 · 2014-09-14T10:47:02+00:00

Please echo your prepared statement before you execute and paste the output here.

toxicandy 2 Junior Poster · Answer 3 · 2014-09-14T19:02:49+00:00

The new code is:

<?php
$valuesClause = array();
$fieldsClause = array();
$bindArray = array();

$fields = array('status','fname','middle','lname','address','city','state','zip','county','mailing','hphone','mphone','wphone','ext','fax','email','ethgroup','other1','occupation','poe','dob','gender','bhv','mrc','general','evv','allCounties','fillmore','johnson','otoe','richardson','seward','butler','gage','lancaster','pawnee','saline','thayer','cass','jefferspm','nemaha','polk','saunders','york','other2','aro','clergy','intskills','bus','child','law','cpr','data','security','emergency','computer','mechanical','administration','firstaid','translation','construction','basicclean','foodprep','animalcare','heavy','dataentry','identification','phone','runner','greeter','interviewer','safety','other2','interpt','cdl','cpryn','translate','other3','license1','verf1','num1','exp1','license2','verf2','num2','exp2','license3','verf3','num3','exp3','license4','verf4','num4','exp4','license5','verf5','num5','exp5','lsrd','syes','bcert','pauth','dist1','tdate1','dist2','tdate2','dist3','tdate3','dist4','tdate4','dist5','tdate5','felony','felonys','ename','erelation','ehphone','eaddress','ecity','ezip','hdyhau','bdesc','record');
foreach($fields as $field){
 if($san = filter_input(INPUT_POST, $field, FILTER_SANITIZE_STRING)) {
     if ($san == "") {
         $field = "";
     }
     $fieldClause[] = "`$field`";
     $valuesClause[] = ":$field";
     $bindArray[":field"] = $san;
 }

}
$sql = "INSERT INTO VolunDB(";
if (!empty($fieldClause)) $sqlF = implode(', ', $fieldClause);
if (!empty($valuesClause)) $sqlV = implode(', ', $valuesClause);
$stmtString = $sql;
if(isset($sqlF)) {
    $stmtString .= $sqlF .") VALUES (" . $sqlV . ")";
}
$dbh = new PDO('mysql:host=localhost;dbname=petrzilk_test;charset=utf8','petrzilk_dbAdmin', '');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
echo $stmtString;
$stmt = $dbh->prepare($stmtString);
$stmt->execute($bindArray);

this is a slightly different code because I made it foo VALUE :foo
The output is below. this is the echo $stmtString;

INSERT INTO VolunDB(status, fname, middle, lname, address, city, state, county, mailing, hphone, mphone, wphone, ext, fax, email, ethgroup, other1, occupation, poe, dob, gender, mrc, general, otoe, pawnee, child, data, safety, license1, verf1, num1, exp1, lsrd, syes, bcert, pauth, dist2, record) VALUES (:status, :fname, :middle, :lname, :address, :city, :state, :county, :mailing, :hphone, :mphone, :wphone, :ext, :fax, :email, :ethgroup, :other1, :occupation, :poe, :dob, :gender, :mrc, :general, :otoe, :pawnee, :child, :data, :safety, :license1, :verf1, :num1, :exp1, :lsrd, :syes, :bcert, :pauth, :dist2, :record)

toxicandy 2 Junior Poster · Answer 4 · 2014-09-15T16:55:40+00:00

Worked, You were right with the $bindArray[]; I did forget the $field and just wrong field. Thank you much. The $san == "" wasn't needed because it worked without it without giving me an error trying to insert a Null value. Thank you!