Issue with Form Submission and Function

Hi,

I have the following small application which allows the user to add an entry to the guestbook.

However, it’s not working, even when it says it does.

Whenever I submit, I get the message The Entry was added., even when my fields are blank.

functions.php:


function add_entry($in_post) {
 
    // declare variables & escaping output
    // no real need for filtering input here
    $title = $in_post['title']; 
    $descr = $in_post['descr'];

    $ip = $_SERVER['REMOTE_ADDR']; 

    if ($title && $descr) {    
    
      $mysqli = new mysqli('localhost', 'root', '', 'guestbook'); 
      
      $stmt = $mysqli->prepare("INSERT INTO guestbook VALUES (?, ?, ?)"); 
      $stmt->bind_param('ssd', $title, $descr, $ip); 
      
      $title = $_POST['title']; 
      $descr = $_POST['descr'];
      $ip = $_SERVER['REMOTE_ADDR'];

        if ($stmt->execute()) { 

            return false;
            
            /* close statement and connection */ 
            $stmt->close(); 
            
        } 
         
        return false; 
    } 
     
    return $error[] = 'Please complete ALL mandatory fields.'; 
      
    $mysqli->close();
} 

add_entry.php:


<?php // add_entry.php

// db connection & includes outside of public root
//include('../includes/config.inc.php');

//include('../includes/stdinc.php');
include('../includes/functions.php');


if (isset($_POST['submitted'])) { 

    $add = add_entry($_POST); 
     
    if($add == true) 
    {         
        echo '<div class="success">The Entry was added.</div>'; 
    } 
    elseif(is_array($add)) 
    { 
        echo '<div class="alert">' . $add[0] . '</div>'; 
    } 
    else 
    { 
        echo '<div class="alert">The Entry was NOT added.</div>'; 
    } 
} 

?>

<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post">

    <div id="form">                         
        <fieldset> 
                                 
        <legend>Add your Entry here...</legend> 
                                                                    
        <label for="title">Name: </label><br /> 
        <input name="title" id="title" value="<?php echo (isset($_POST['title'])) ? htmlspecialchars($_POST['title']) : '';  ?>" type="text" /><br />
        
        <label for="descr">Body: </label><br /> 
        <textarea name="descr" id="descr" rows="6" cols="25"><?php echo(isset($_POST['descr'])) ? htmlspecialchars($_POST['descr']) : ''; ?></textarea><br />
                                         
        <br /> 
        <input name="submit" class="submit" value="Submit" type="submit" /> 
        <input type="hidden" name="submitted" value="TRUE" />
                                         
        </fieldset> 
    </div> 

</form>

Add some echo’s here and there to see if the script is doing what you expect it to do and when.

I believe your problem is if($add == true)

Try if($add === true)

(If you set $add to ANY value other than 0 or null string or False, then $add == true is a TRUE statement)

check the $stmt->error value.

PS: Your function as stated, never returns true, and there’s a statement after a return that will never be executed. (the stmt->close statement)

Many thanks StarLion. Adding the third equal sign did the job.

However, I’m now getting an error.


Fatal error: Call to a member function bind_param() on a non-object in C:\wamp\www\includes\functions.php on line 19

This refers to:


$stmt->bind_param('ssd', $title, $descr, $ip); 

Any ideas what may be causing this issue?

Thanks again for everyones help so far.

Please read this:


if ($stmt->execute()) { 

            return false; 
             
            /* close statement and connection */ 
            $stmt->close(); 
             
        }

as


if ($stmt->execute()) { 

            return true; 
             
            /* close statement and connection */ 
            $stmt->close(); 
             
        }

Sorry for the mix up.

Check that $mysqli is actually being correctly created, and not throwing an error… (echo $mysqli->error(); )

Yes, that’s what i imagined you’d MEANT to say… note though that the $stmt->close() will never be executed because the function stops operating when you return the value. (Put the close before the return, if you need to free up the connection)

Thanks for your patience.

Error:
Fatal error: Call to undefined method mysqli::error() in C:\wamp\www\includes\functions.php on line 17

Also, an IP address isnt a double, it’s a string…

Have you got mysqli installed?
I believe it’s not a default install option on windows… check your config files.

Aaaah. I’m using the WAMPServer.

Will look into mysqli, see if it’s installed.

Thanks again for the help with this.

mysqli:


mysqli

MysqlI Support	enabled
Client API library version	mysqlnd 5.0.5-dev - 081106 - $Revision: 1.3.2.27 $
Active Persistent Links	0
Inactive Persistent Links	0
Active Links	7
Persistent cache	enabled
put_hits	0
put_misses	0
get_hits	0
get_misses	0
size	2000
free_items	2000
references	2

Directive	Local Value	Master Value
mysqli.allow_local_infile	On	On
mysqli.allow_persistent	On	On
mysqli.cache_size	2000	2000
mysqli.default_host	no value	no value
mysqli.default_port	3306	3306
mysqli.default_pw	no value	no value
mysqli.default_socket	no value	no value
mysqli.default_user	no value	no value
mysqli.max_links	Unlimited	Unlimited
mysqli.max_persistent	Unlimited	Unlimited
mysqli.reconnect	Off	Off

Odd. try $mysqli->connect_error() instead.

Fatal error: Call to undefined method mysqli::connect_error() in C:\wamp\www\includes\functions.php on line 17

When I use:


if ($mysqli->connect_error) {
    die('Connect Error: ' . $mysqli->connect_error);
}

the script continues to execute. So the connection seems fine.

This error remains, however:


Fatal error: Call to a member function bind_param() on a non-object in C:\\wamp\\www\\includes\\functions.php on line 22

Thanks again for your patience.

What’s the structure of your table?

CREATE TABLE IF NOT EXISTS `guestbook` (
  `id` smallint(6) NOT NULL AUTO_INCREMENT,
  `title` varchar(255) NOT NULL DEFAULT '',
  `descr` text NOT NULL,
  `ip` varchar(22) NOT NULL DEFAULT '',
  `valid` tinyint(3) NOT NULL DEFAULT '0',
  PRIMARY KEY (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

--
-- Dumping data for table `guestbook`
--

INSERT INTO `guestbook` (`id`, `title`, `descr`, `ip`, `valid`) VALUES
(1, 'Great site', 'Got to say, this is one great site', '192.192.192.191', 1),
(2, 'test', 'tester', '192.192.192.191', 1);

your INSERT statement doesnt declare fieldnames… mySQL has no idea what to do with it, and is throwing an error.