Jump to content
Killersites Community
Sign in to follow this  
debmc99

PHP Undefined Variable Question

Recommended Posts

Hello, I am trying to use this script below to store a .pdf or .doc file in a MySQL database. I am getting the following errors when I test it in WAMP:

 

An error accured while the file was being uploaded. Error code: 2

Notice: Undefined variable: dbLink in C:\wamp\www\my_php\blob\myblob\processfile.php on line 47

 

Fatal error: Call to a member function close() on a non-object in C:\wamp\www\my_php\blob\myblob\processfile.php on line 47

 

I am trying to understand how all of this works, but it seems like $dbLink was defined in script already when I connect to the database. Can anyone explain what may be causing the error? Thank you very much.

 

<?php
// Check if a file has been uploaded
if(isset($_FILES['uploaded_file'])) {
   // Make sure the file was sent without errors
   if($_FILES['uploaded_file']['error'] == 0) {
       // Connect to the database
       $dbLink = new mysqli('localhost', 'root', '', 'blob');
       if(mysqli_connect_errno()) {
           die("MySQL connection failed: ". mysqli_connect_error());
       }

       // Gather all required data
       $name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
       $mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
       $data = $dbLink->real_escape_string(file_get_contents($_FILES  ['uploaded_file']['tmp_name']));
       $size = intval($_FILES['uploaded_file']['size']);

       // Create the SQL query
       $query = "
           INSERT INTO `testblob` (
               `name`, `mime`, `size`, `data`, `created`
           )
           VALUES (
               '{$name}', '{$mime}', {$size}, '{$data}', NOW()
           )";

       // Execute the query
       $result = $dbLink->query($query);

       // Check if it was successfull
       if($result) {
           echo 'Success! Your file was successfully added!';
       }
       else {
           echo 'Error! Failed to insert the file'
              . "<pre>{$dbLink->error}</pre>";
       }
   }
   else {
       echo 'An error accured while the file was being uploaded. '
          . 'Error code: '. intval($_FILES['uploaded_file']['error']);
   }


   //Close the mysql connection
   $dbLink->close();


}
else {
   echo 'Error! A file was not sent!';
}

// Echo a link back to the main page
echo '<p>Click <a href="index.html">here</a> to go back</p>';
?>

Share this post


Link to post
Share on other sites

$dbLink is taking a value inside an "if" statement. So if that IF statement is not true, $dbLink will never get a value, thus it will be "undeclared". So when that "if" statement fails, $dbLink has no value, but going by the program logic it will still try to execute the line $dbLink->close(), but it will fail miserably because $dbLink doesn't have any value, so trying to close() it will not work and so it gives you the error :rolleyes:

 

So close the SQL Connection in the same context (context = the same IF statement that it was declared & opened in). See below:

<?php
// Check if a file has been uploaded
if(isset($_FILES['uploaded_file'])) {
   // Make sure the file was sent without errors
   if($_FILES['uploaded_file']['error'] == 0) {
       // Connect to the database
       $dbLink = new mysqli('localhost', 'root', '', 'blob');
       if(mysqli_connect_errno()) {
           die("MySQL connection failed: ". mysqli_connect_error());
       }

       // Gather all required data
       $name = $dbLink->real_escape_string($_FILES['uploaded_file']['name']);
       $mime = $dbLink->real_escape_string($_FILES['uploaded_file']['type']);
       $data = $dbLink->real_escape_string(file_get_contents($_FILES  ['uploaded_file']['tmp_name']));
       $size = intval($_FILES['uploaded_file']['size']);

       // Create the SQL query
       $query = "
           INSERT INTO `testblob` (
               `name`, `mime`, `size`, `data`, `created`
           )
           VALUES (
               '{$name}', '{$mime}', {$size}, '{$data}', NOW()
           )";

       // Execute the query
       $result = $dbLink->query($query);

       // Check if it was successfull
       if($result) {
           echo 'Success! Your file was successfully added!';
       }
       else {
           echo 'Error! Failed to insert the file'
              . "<pre>{$dbLink->error}</pre>";
       }

	//Close the mysql connection
    $dbLink->close();
   }
   else {
       echo 'An error accured while the file was being uploaded. '
          . 'Error code: '. intval($_FILES['uploaded_file']['error']);
   }
}
else {
   echo 'Error! A file was not sent!';
}

// Echo a link back to the main page
echo '<p>Click <a href="index.html">here</a> to go back</p>';
?>

Edited by BeeDev

Share this post


Link to post
Share on other sites

EDIT: Looks like BeeDev got to it first...

 

You might need to move the "$dbLink = new mysqli('localhost', 'root', '', 'blob');" line outside of the if/else statement. It seems like the DB connection is only opened if the file is uploaded correctly, but if there is an error, there is no open db connection to close, causing the error.

 

Alternatively, (and the more I think about it, the more sense this makes) just move the close() line within the if statement, just after

 

if($result) {
       echo 'Success! Your file was successfully added!';
       }
       else {
           echo 'Error! Failed to insert the file'
              . "<pre>{$dbLink->error}</pre>";
       }

 

That's at least my initial guess... try that and let me know if it works.

Share this post


Link to post
Share on other sites

I would suggest storing the files outside of the database and just store a URL reference to the file in MySQL.

 

... Blob transactions are heavy on relational databases.

 

Stefan

Share this post


Link to post
Share on other sites

Actually, I am setting up a website where only a few people will have access to a login area, and upon successful login, will be directed to a page where they can upload some Word docs and pdf files, etc. It is not meant to be a heavy storage thing, just something that is secure since the files will have personal information in them and easy for me to set up. It also needs to be easy for the client to access the files.

 

That being the case, I was wondering if storing the files outside the database is still the best option? I just want to do what works best in a situation like this. And again, unfortunately, it needs to be relatively easy since I am still learning. Any advice would be appreciated. Thank you.

Share this post


Link to post
Share on other sites

I would store the files outside of the database -- upload them to a specific location and save the URL to that location in the database. At least in my opinion, that should be significantly easier than trying to store the files within the database, and should help reduce the size of the database as well.

Share this post


Link to post
Share on other sites

Hello,

 

I now have an upload form that stores the uploaded file outside the database and in its own directory on the server. The name, type, size, and path are stored in the database. I have two questions:

 

First, I am concerned about security and want to make sure I didn't make a glaring mistake. If anyone could take a look at my code below and let me know if I left a vulnerability somewhere, I would greatly appreciate it. The upload form itself can only be accessed by members who login, not the general public. The upload page will have an SSL certificate. Upon uploading, the original file name is changed to a unique name and the directory is hidden. I am also planning on adding sessions. Can anyone tell me if I am missing something in terms of security? The easier the explanation the better as I am new to this.

 

Second, I now need to be able to download the files. I am not sure how to go about this since the unique file name uses md5. Would you try to list files by date uploaded? Any pointing in the right direction would be a great help. Thank you.

 

<?php
/*
*  PROCESSFILE.PHP
*  Password protected area to process members' uploaded files

  // begin Dave B's Q&D file upload security code
 $allowedExtensions = array("doc","docx","pdf","jpg","jpeg","gif","png");
 foreach ($_FILES as $file) {
   if ($file['tmp_name'] > '') {
     if (!in_array(end(explode(".",
           strtolower($file['name']))),
           $allowedExtensions)) {
      die($file['name'].' Sorry, this is an invalid file type!<br/>'.
       '<a href="javascript:history.go(-1);">'.
       '<&lt Go Back</a>');
     }
   }
 }
 // end Dave B's Q&D file upload security code 

$uploadDir = "./uploaded/";

 // Check if file has been uploaded 
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];

$filePath = $uploadDir . $fileName;

// get the file extension first
$ext = substr(strrchr($fileName, "."), 1);

// make the random file name
$randName = md5(rand() * time());

// and now we have the unique file name for the upload file
$filePath = $uploadDir . $randName . '.' . $ext;

$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}

// Connect to the database
$dbLink = new mysqli('$host','$user','$pass','$db');
	if(mysqli_connect_errno()) {
		die("MySQL connection failed: ". mysqli_connect_error());
       }

if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}

$query = "INSERT INTO uploadpath (name, type, size, path ) ".
"VALUES ('$fileName', '$fileSize', '$fileType', '$filePath')";

mysqli_query($dbLink, $query) or die('Error, query failed : ' . mysqli_error($dbLink));

// close db connection 
$dbLink->close();


echo "<p> The file, $fileName, has been successfully uploaded </p>";

}
?>

Share this post


Link to post
Share on other sites

Haven't managed to go through your code, but I just wanted to suggest a few things in terms of the questions you asked.

 

Firstly, how to display files for download when you've changed the names. This one is quite easy actually, you just need to store 2 file names for each file, first is the md5 name which will be the actual filename, and second will be the "old" filename (mysecuredoc.doc for example) and this will only be used to display the links.

 

In terms of actually securely downloading, I have set this up before. But I'm not sure how secure it is ...

 

Basically the idea is to have a download page, which checks the session if the person requesting the download has the right login credentials etc, then after the checks pass, the download page gets the md5 file name from the database (a querystring with the display name, or ID of database record probably needs to be passed to this page). However instead of forwarding the user to that file, you need to serve the file from the download page. To do that it's quite simple you just set some headers, and then fopen (php function) the file and send it. For this to work, you will need to store the filetype (MIME type) in the database as well, to create a correct header.

 

Sample code below which i've written long ago for a site, but it's just to give you and idea.

 

$f contains the file path and name (for example: "/home/mysite.com/secure/files/23123kjlk3231.doc"), and $af contains the display name (for example: "mysecuredoc.doc") which needs to be URL Encoded, and last parameter $ftype is the file MIME type.

function sendFile($f, $af, $ftype)
{
 // common MIME types:
 // use application/msword for .doc files
 // use application/vnd.openxmlformats-officedocument.wordprocessingml.document for .docx
 // use application/octet-stream for any binary file
 // use application/x-executable-file for executables
 // use application/x-zip-compressed for zip files
 // use application/pdf for pdf documents
 // Visit http://filext.com/faq/office_mime_types.php for more MS Office Mime Types


 if($f != '')
 {

   header("Content-Type: ".$ftype);
   header("Content-Length: " . filesize($f));
   header("Content-Disposition: attachment; filename=\"$af\"");
   header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
   $fp = fopen($f,"r");
   fpassthru($fp);
   fclose($fp);
   return true;

 }else{

   return;

 }
}

 

Hope this is useful. Good luck :D

Share this post


Link to post
Share on other sites

Thank you for the help. I will give it a try. Another question I have is, regarding this line of code:

$dbLink = new mysqli('$host','$user','$pass','$db');

 

Is it ok to hard code the connection like this? I looked at the manual on php.net and the example shows this:

$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'my_db');

 

Just wondering if this was ok or if I should be using includes. Thank you.

Share this post


Link to post
Share on other sites

The only difference between the two lines is that in the first examples, you are using variables ('$host'), whereas in the second you are inserting the mysqli connection details directly ('localhost').

 

Either method should work fine. The only question I have about the first example is that I don't believe the quotes around the variables within mysqli() function are necessary. Usually variables within single quotes aren't parsed by PHP (at least with standard PHP strings), but I'm not sure on that without testing it myself, so it may not be a problem.

Share this post


Link to post
Share on other sites

Hello,

 

I am trying to download files from a server. I need the file names to display and then, from what I have researched, I need to force downloads. However, the original file names, file types and paths are stored in mysql and the file itself, when uploaded, gets moved to its own directory and has md5 added to the name. BeeDev was kind enough to post the code below, which is helpful, but it seems to look for a specific file and I need to list all .doc, .pdf files, etc. I have been looking on Google for two days to find out how to do this. Can anyone tell me how I would list all the files in the db, but have the file paths show up as links to download? Or if you know of a tutorial, please point me in the right direction. Thank you. And thanks BeeDev.

 

$f contains the file path and name (for example: "/home/mysite.com/secure/files/23123kjlk3231.doc"), and $af contains the display name (for example: "mysecuredoc.doc") which needs to be URL Encoded, and last parameter $ftype is the file MIME type.

function sendFile($f, $af, $ftype)
{
 // common MIME types:
 // use application/msword for .doc files
 // use application/vnd.openxmlformats-officedocument.wordprocessingml.document for .docx
 // use application/octet-stream for any binary file
 // use application/x-executable-file for executables
 // use application/x-zip-compressed for zip files
 // use application/pdf for pdf documents
 // Visit http://filext.com/faq/office_mime_types.php for more MS Office Mime Types


 if($f != '')
 {

   header("Content-Type: ".$ftype);
   header("Content-Length: " . filesize($f));
   header("Content-Disposition: attachment; filename=\"$af\"");
   header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
   $fp = fopen($f,"r");
   fpassthru($fp);
   fclose($fp);
   return true;

 }else{

   return;

 }
}

Share this post


Link to post
Share on other sites

BeeDev's code is intended to be used to allow users to download a specific file. Rather than giving them the direct path to the file (which potentially would allow unauthorized users to download files if they knew or guessed the URL) you could give them a url like this: yoursite.com/getfile.php?id=3435454334 (where id was the MD5 file name of the file, for example). When they viewed that page, PHP would find the correct file based on the id in the URL from the data in the database, check to make sure the user was authorized to download the file, and then provide the file to the user using the sendFile() function above. BeeDev's code isn't intended to display the files available to the user, just download a specific file.

 

Displaying a list of files that the user could download should be relatively simple. You'd need to do a MySQL query to access whatever table in the database holds the file data, and only get the records that are associated with the current user. (If you haven't already, I would do this by assigning each user in the system a unique user ID. When a file got uploaded, the user ID of the user who uploaded the file would be stored in the database along with the file details. You could then search the table that holds the file data and only return rows that had a specific user's ID). Once you have those results, you would loop through them one at a time, generating a link for each file and displaying it to the user.

 

I put together a tutorial a while ago that covers some of the basic principles of PHP and MySQLi, showing viewers how to create/remove/edit/delete records from a database (commonly called CRUD). The code is available here: http://www.killersites.com/community/index.php?/topic/3064-basic-php-system-view-edit-add-delete-records-with-mysqli/ and I did a couple part screencast showing how I wrote the code that is available in the KS University within the PHP section if you have a KS University subscription. (http://www.killersites.com/university). It might be worth it to take a look at the view.php file from my code:

 

if ($result = $mysqli->query("SELECT * FROM players ORDER BY id"))
                       {
                               // display records if there are records to display
                               if ($result->num_rows > 0)
                               {
                                       // display records in a table
                                       echo "<table border='1' cellpadding='10'>";

                                       // set table headers
                                       echo "<tr><th>ID</th><th>First Name</th><th>Last Name</th><th></th><th></th></tr>";

                                       while ($row = $result->fetch_object())
                                       {
                                               // set up a row for each record
                                               echo "<tr>";
                                               echo "<td>" . $row->id . "</td>";
                                               echo "<td>" . $row->firstname . "</td>";
                                               echo "<td>" . $row->lastname . "</td>";
                                               echo "<td><a href='records.php?id=" . $row->id . "'>Edit</a></td>";
                                               echo "<td><a href='delete.php?id=" . $row->id . "'>Delete</a></td>";
                                               echo "</tr>";
                                       }

                                       echo "</table>";
                               }
                               // if there are no records in the database, display an alert message
                               else
                               {
                                       echo "No results to display!";
                               }
                       }
                       // show an error if there is an issue with the database query
                       else
                       {
                               echo "Error: " . $mysqli->error;
                       }

The code snippet above shows how to query the database and echo out the rows of results. The main difference above with what you want is that you'd want to use the WHERE (http://www.tizag.com/mysqlTutorial/mysqlwhere.php) to specify which files you want to get (related to the user's ID) rather than displaying everything.

Share this post


Link to post
Share on other sites

Hello,

 

Yes, I did try your code earlier to see if I could read what was in the db and it worked fine (thank you!). I can list the file names in the db, but again, I am only storing information, the actual file is in a directory on the server, which is what I need to get to, but also how do you make those files downloadable, as in show up as URLs or something that are clicked on and then the Save As dialogue box opens?

Share this post


Link to post
Share on other sites

Then I'd do this... Create a new page, perhaps called downloadFile.php.

 

This file will:

-- Accept an id in the url: downloadFile.php?id=2342043234 (The ID will be the md5 of the file name)

-- PHP will be used to get the id from the URL and search the database for the correct file. It will return the file details -- the location of the file on the server and who is authorized to view it.

-- It will then check that the correct user is logged in and that they are authorized to view the file. If not, it will display an error/redirect.

-- If the user is authorized to access the file, it will pass in the correct information to the sendFile function, which should generate the download and allow the user to download the file

 

With this in place, all you'd need to do is to set up your file list with links to downloadFile.php?id=[file md5 here]

 

Make sense?

Share this post


Link to post
Share on other sites

Yes, that makes sense. I don't think I can do that though, at my skill level. I have spent about 3 days on this already. I may have to just save the files in the db because then I can follow your CRUD tutorials and also add the Delete option like you have in your records table. But I will give your suggestion a try. Thanks Ben.

Share this post


Link to post
Share on other sites

i just want that after the updation (changes) it must be store in database , code is below plz help me as soon as possible in this topic

 

 

<?php

 

include("connect-db.php");

 

function renderForm($clientname = '', $address ='', $city = '', $telephoneno ='', $mobileno ='', $email = '', $sno ='', $userid = '')

{ ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>

<title>

<?php if ($userid != '') { echo "Edit Record"; } else { echo "New Record"; } ?>

</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>

</head>

<body>

<h1><?php if ($userid != '') { echo "Edit Record"; } else { echo "New Record"; } ?></h1>

<?php if ($error != '') {

echo "<div style='padding:4px; border:1px solid red; color:red'>" . $error

. "</div>";

} ?>

 

<form action="" method="post">

<div>

<?php if ($userid != '') { ?>

<input type="hidden" name="userid" value="<?php echo $userid; ?>" />

 

<?php } ?>

 

<table cellpadding="10" cellspacing="10" width="59%" align="center" border="0">

<tr>

<td>Client Name:</td>

<td><input type="text" name="clientname"

value="<?php echo $clientname; ?>"/></td>

</tr>

<br/>

<tr>

<td>Adress:</td>

<td> <input type="text" name="address"

value="<?php echo $address; ?>"/></td>

</tr>

<tr>

<td>City:</td>

<td><input type="text" name="city"

value="<?php echo $city; ?>"/></td>

</tr>

<tr>

<td>Telephone no:</td>

<td> <input type="text" name="phoneno"

value="<?php echo $telephoneno; ?>"/></td>

</tr>

<tr>

<td>Mobile no:</td>

<td><input type="text" name="mobileno"

value="<?php echo $mobileno; ?>"/></td>

</tr>

<tr>

<td>Email:</td>

<td><input type="text" name="email"

value="<?php echo $email; ?>"/></td>

</tr>

<tr>

<td>Sno:</td>

<td> <input type="text" name="sno"

value="<?php echo $sno; ?>"/></td>

</tr>

<tr>

<td></td>

<td><input type="submit" name="submit" value="Submit" /></td>

</tr>

</table>

</div>

</form>

</body>

</html>

 

<?php }

 

 

 

/*

 

EDIT RECORD

 

*/

// if the 'id' variable is set in the URL, we know that we need to edit a record

if (isset($_GET['userid']))

{

// if the form's submit button is clicked, we need to process the form

if (isset($_POST['submit']))

{

// make sure the 'id' in the URL is valid

if (is_numeric($_POST['userid']))

{

// get variables from the URL/form

$userid = $_POST['userid'];

$clientname = htmlentities($_POST['clientname'], ENT_QUOTES);

$address = htmlentities($_POST['address'], ENT_QUOTES);

$city = htmlentities($_POST['city'], ENT_QUOTES);

$telephoneno = htmlentities($_POST['phoneno'], ENT_QUOTES);

$mobileno = htmlentities($_POST['mobileno'], ENT_QUOTES);

$email = htmlentities($_POST['email'], ENT_QUOTES);

$sno = htmlentities($_POST['sno'], ENT_QUOTES);

 

 

if ($clientname == '' || $address == '' || $city == '' || $telephoneno == '' || $mobileno == '' || $email == '' || $sno)

{

$error = 'ERROR: Please fill in all required fields!';

renderForm($clientname, $address, $city, $telephoneno, $mobileno, $email, $sno, $error, $userid );

}

else

{

// if everything is fine, update the record in the database

if ($stmt = $mysqli->prepare("UPDATE addclient SET clientname=$clientname, address=$address, city=$city, telephoneno=$telephoneno, mobileno=$mobileno, email=$email, sno=$sno WHERE userid=$userid"))

{

$stmt->bind_param("ssi", $clientname, $address, $city, $telephoneno, $mobileno, $email, $sno, $userid);

$stmt->execute();

$stmt->close();

}

// show an error message if the query has an error

else

{

echo "ERROR: could not prepare SQL statement.";

}

 

 

header("Location: view.php");

}

}

 

}

// if the form hasn't been submitted yet, get the info from the database and show the form

else

{

// make sure the 'id' value is valid

if (is_numeric($_GET['userid']) && $_GET['userid'] > 0)

{

// get 'id' from URL

$userid = $_GET['userid'];

 

// get the recod from the database

if($stmt = $mysqli->prepare("SELECT * FROM addclient WHERE userid= ?"))

{

$stmt->bind_param("i", $userid);

$stmt->execute();

 

$stmt->bind_result($clientname, $address, $city, $telephoneno, $mobileno, $email, $sno,$userid);

$stmt->fetch();

 

// show the form

renderForm($clientname, $address, $city, $telephoneno,$mobileno,$email, $sno, NULL, $userid);

 

$stmt->close();

}

// show an error if the query has an error

else

{

echo "Error: could not prepare SQL statement";

}

}

// if the 'id' value is not valid, redirect the user back to the view.php page

else

{

header("Location: view.php");

}

}

}

 

 

 

/*

 

NEW RECORD

 

*/

// if the 'id' variable is not set in the URL, we must be creating a new record

else

{

// if the form's submit button is clicked, we need to process the form

if (isset($_POST['submit']))

{

// get the form data

$clientname = htmlentities($_POST['clientname'], ENT_QUOTES);

$address = htmlentities($_POST['address'], ENT_QUOTES);

$city = htmlentities($_POST['city'], ENT_QUOTES);

$telephoneno = htmlentities($_POST['phoneno'], ENT_QUOTES);

$mobileno = htmlentities($_POST['mobileno'], ENT_QUOTES);

$email = htmlentities($_POST['email'], ENT_QUOTES);

$sno = htmlentities($_POST['sno'], ENT_QUOTES);

 

// check that all fields are not empty

if ($clientname == '' || $address == '' || $city == '' || $telephoneno == '' || $mobileno == '' || $email == '' || $sno )

{

// if they are empty, show an error message and display the form

$error = 'ERROR: Please fill in all required fields!';

renderForm($clientname, $address, $city, $telephoneno, $mobileno, $email, $sno, $error);

}

else

{

// insert the new record into the database

if ($stmt = $mysqli->prepare("INSERT addclient (clientname, address, city, telephoneno, mobileno, email, sno) VALUES (?, ?, ?, ?, ?, ?, ?) where userid=?"))

{

$stmt->bind_param("ss", $clientname, $address, $city, $telephoneno, $mobileno, $email, $sno);

$stmt->execute();

$stmt->close();

}

// show an error if the query has an error

else

{

echo "ERROR: Could not prepare SQL statement.";

}

 

// redirec the user

header("Location: view.php");

}

 

}

// if the form hasn't been submitted yet, show the form

else

{

renderForm($clientname, $address, $city, $telephoneno, $mobileno, $email, $sno);

}

}

 

// close the mysqli connection

$mysqli->close();

?>

Share this post


Link to post
Share on other sites

if your seeing "'ERROR: Please fill in all required fields!'" error after trying to edit i think this is a problem:

 

if ($clientname == '' || $address == '' || $city == '' || $telephoneno == '' || $mobileno == '' || $email == '' || $sno)
{
$error = 'ERROR: Please fill in all required fields!';
renderForm($clientname, $address, $city, $telephoneno, $mobileno, $email, $sno, $error, $userid );
}

 

change the first line to read:

if ($clientname == '' || $address == '' || $city == '' || $telephoneno == '' || $mobileno == '' || $email == '' || $sno =='')

 

$sno was being treated as ' if true/set, then throw the error' im not sure if that is what you were expecting? (same thing when adding new record as well..)

Edited by J Stern

Share this post


Link to post
Share on other sites

One other thing i noticed that might be causing you a problem is your bind_param() might be throwing "ERROR: Could not prepare SQL statement.""

 

try changing :

 

$stmt->bind_param("ss", $clientname, $address, $city, $telephoneno, $mobileno, $email, $sno);

 

to

 

$stmt->bind_param("sssssss", $clientname, $address, $city, $telephoneno, $mobileno, $email, $sno);

as I believe you have to specify the type of each value (though i might be wrong, I dont use bind_param() very often, i hope someone corrects me on this if i am incorrect See more info @ "http://php.net/manual/en/mysqli-stmt.bind-param.php" )

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×