Could you tell me what is wrong with this piece of code for my blog?

If I remove this code, my page loads. But if I add this, I get a HTTP Error 500 from my web matrix.

<?php
try {    
  if(isset(['submit'])) {
    include('config.php');
    $subject = $_POST['subject'];
    $content = $_POST['editor1'];
    $date = $_POST['date'];
    $tags = $_POST['tags'];
    $author = $_POST['author'];
    $thumbnail = $_POST['thumbnail'];
    $sql = "INSERT INTO articles (Subject, Content, Date, Author, Tags, Thumbnail) VALUES ('$subject','$content','$date','$author','$tags', '$thumbnail')";
    $dbh->query($sql);   
  }
} catch(PDOException $e) {
   echo $e->getMessage();
}
?>

In the line

if (isset(['submit']))

there is a variable missing. You may want to use this line:

if(isset($_POST['submit']))

By the way your SQL code is open for blind SQL injections. You should parse the parameter or better still, use prepared statements.

$stmt = $dbh->prepare("INSERT INTO articles (Subject, Content, Date, Author, Tags, Thumbnail) VALUES (:subject, :content, :date, :author, :tags, :thumbnail)"); // placeholders must not be quoted; ':subject' in quotes is a string literal, not a parameter
$stmt->bindParam(':subject', $subject);
$stmt->bindParam(':content', $content);
// ...
$stmt->execute();

This is not a statement:

if (isset(['submit']))

it should be:

if (isset($_POST['submit']))

in all likelihood.

Anyway, you should bind parameters to the query, and not hardcode them into it.
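Both answers make the same two points: `isset(['submit'])` is missing the `$_POST` array, and the values must be bound as parameters rather than concatenated into the SQL. The script below is an added example (not code from the question or from either answer) that puts the two fixes together in runnable form. It assumes the form field names from the question; since `config.php` is not on the page, an in-memory SQLite database stands in for the `$dbh` that `config.php` would normally provide, and the form input is a constructed array instead of a real `$_POST`.

```php
<?php
// Added example, not part of the original question or answers.
// Assumptions: config.php normally supplies $dbh as a PDO connection; here an
// in-memory SQLite database replaces it so the script runs stand-alone.
declare(strict_types=1);

function connect(): PDO
{
    $dbh = new PDO('sqlite::memory:');
    // Make PDO throw PDOException on failure; otherwise a bad query just
    // returns false and the try/catch in the question never sees it.
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->exec('CREATE TABLE articles (
        Subject TEXT, Content TEXT, Date TEXT, Author TEXT, Tags TEXT, Thumbnail TEXT)');
    return $dbh;
}

// Inserts one article using named placeholders and returns the new row id.
// The placeholders are NOT quoted: ':subject' inside quotes is a string
// literal, so binding to it either fails or stores the literal text.
function insertArticle(PDO $dbh, array $post): int
{
    $sql = 'INSERT INTO articles (Subject, Content, Date, Author, Tags, Thumbnail)
            VALUES (:subject, :content, :date, :author, :tags, :thumbnail)';
    $stmt = $dbh->prepare($sql);
    $stmt->bindValue(':subject',   $post['subject']);
    $stmt->bindValue(':content',   $post['editor1']);   // field name from the question's form
    $stmt->bindValue(':date',      $post['date']);
    $stmt->bindValue(':author',    $post['author']);
    $stmt->bindValue(':tags',      $post['tags']);
    $stmt->bindValue(':thumbnail', $post['thumbnail']);
    $stmt->execute();
    return (int) $dbh->lastInsertId();
}

// Reads one article back so the stored values can be checked.
function fetchArticle(PDO $dbh, int $id): array
{
    $stmt = $dbh->prepare('SELECT Subject, Content FROM articles WHERE rowid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed form input standing in for $_POST. The subject contains an
// apostrophe, which would break the string-concatenated query from the
// question; with bound parameters it is simply stored as data.
$fakePost = [
    'submit'    => 'Publish',
    'subject'   => "O'Reilly's guide",
    'editor1'   => '<p>First post</p>',
    'date'      => '2024-01-31',
    'tags'      => 'php,pdo',
    'author'    => 'alice',
    'thumbnail' => 'thumb.png',
];

try {
    // In the real handler this is isset($_POST['submit']), as both answers say.
    if (isset($fakePost['submit'])) {
        $dbh = connect();
        $id  = insertArticle($dbh, $fakePost);
        $row = fetchArticle($dbh, $id);
        echo "Stored subject: {$row['Subject']}\n";   // O'Reilly's guide, verbatim
    }
} catch (PDOException $e) {
    // Log the driver message for the administrator; visitors only get a
    // generic error, so database details are not leaked in the response.
    error_log($e->getMessage());
    http_response_code(500);
    echo "Could not save the article.\n";
}
```

Two details worth keeping from this version: `PDO::ATTR_ERRMODE` set to `ERRMODE_EXCEPTION` is what makes the `catch (PDOException $e)` block in the question useful at all, and the catch block logs the message instead of echoing it, since the raw driver error reveals table and column names to whoever submitted the form.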
