I am a beginner "programmer" so please excuse my ignorance. I am using a prepared statement in the interest of security. The else clause is echoed instead of the INSERT INTO statement executing. I am passing a hidden value from the HTML form:
<input type="hidden" value="EVS1" name="CustomerCode" />
<?php
include ('../etc/mysql_connect.php');
if(isset($_POST['submit'])) {
$FirstName= trim( $_POST['FirstName'] );
$LastName= trim( $_POST['LastName'] );
$Address1= trim( $_POST['Address1'] );
$Address2= trim( $_POST['Address2'] );
$City= trim( $_POST['City'] );
$State= trim( $_POST['State'] );
$Zip= trim( $_POST['Zip'] );
$Email= trim( $_POST['Email'] );
$calculated_date = date('m-d-Y', time() + 86400 * 42);
$stmt = $conn->prepare("INSERT INTO xxx SET FirstName = ?,LastName = ?,Address1 = ?,Address2 = ?,City = ?,State = ?,Zip = ?,Email = ?,CustomerCode = CustomerCode,DrawingEntryDate = NOW() ");
$stmt->bind_param("sssssssss", $_POST['FirstName'] , $_POST['LastName'], $_POST['Address1'], $_POST['Address2'], $_POST['City'], $_POST['State'], $_POST['Zip'], $_POST['Email'], $_POST['CustomerCode']);
$stmt->execute();
$affected_rows= mysqli_stmt_affected_rows ($stmt);
if ($affected_rows ==1){
echo '<body bgcolor="#F9F9F9"><h2>Thank You!</h2><font type="Arial,Helvetica, sans-serif" size="3">We have successfully received your entry. Good luck!<br><br>Names are drawn randomly each month, and notified via email. If your name is chosen, please expect delivery within 4-6 weeks. Your order is scheduled to be delivered by '.$calculated_date.'.</font></body>';
mysqli_stmt_close($stmt);
mysqli_close($dbconnect);
} else {
echo '<body bgcolor="#F9F9F9"><h2>Oops!</h2><font type="Arial,Helvetica, sans-serif" size="3">There is a limit of 1 entry per day. <b>'.$FirstName.'</b> has already entered on '.$DrawingEntryDate.' .</font></body>';
echo mysqli_error();
mysqli_stmt_close($stmt);
mysqli_close($dbconnect);
}
}
?>
You have eight parameter place-holders in the query, and attempt to bind nine parameters to it.
Here:
$stmt = $conn->prepare("INSERT INTO xxx SET FirstName = ?,LastName = ?,Address1 = ?,Address2 = ?,City = ?,State = ?,Zip = ?,Email = ?,CustomerCode = CustomerCode,DrawingEntryDate = NOW() ");
$stmt->bind_param("sssssssss", $_POST['FirstName'] , $_POST['LastName'], $_POST['Address1'], $_POST['Address2'], $_POST['City'], $_POST['State'], $_POST['Zip'], $_POST['Email'], $_POST['CustomerCode']);
you have forgotten to put a parameter placeholder for CustomerCode
.
If you're always going to set DrawingEntryDate
to NOW(), you can just leave that out of the query and set that column to have a default value.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.