I can get the following code to run normally on the localhost xampp server but not on the live server. I do not know what I am doing wrong. I tried changing the link to a full http one for google but again, the page just reloads. Do not understand what is happening. Any help will be appreciated!
This is the entire code. It has a form that I use to upload data. The values are bound in the try statement and the page is supposed to redirect elswehere once it happens.
<?php
include 'inc/db.php';
include 'header.php';
if (isset ($_GET ['id'])) {
$id = $_GET ['id'];
}
try {
$sql = "SELECT petname from pets where id = $id";
$results = $pdo -> query($sql);
while ($data = $results->fetch(PDO::FETCH_OBJ)){
$petname = $data->petname;
};
}
catch (PDOException $e) {
}
if (isset($_POST ['submit'])) {
try {
$sql = "INSERT INTO vaccinations (type, date_given, due_date, auth_by, payment_made, balance, pet_id)
VALUES (:type, :date_given, :due_date, :auth_by, :payment_made, :balance, :pet_id)";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':type', $_POST['vaccination_type']);
$stmt->bindParam(':date_given', $_POST['date_given']);
$stmt->bindParam(':due_date', $_POST['due_date']);
$stmt->bindParam(':auth_by', $_POST['auth_by']);
$stmt->bindParam(':payment_made', $_POST['payment_made']);
$stmt->bindParam(':balance', $_POST['balance']);
$stmt->bindParam(':pet_id', $id);
$stmt->execute();
header("Location: thankyou.php");
}
catch (PDOException $e){
echo 'Sorry, cannot perform query at this point. Please contact system administrator.'.$e->getMessage();
}
}
?>
<div class="wrap">
<div class="search-results">
<h3> Add new vaccination entry for <span class="vacc-form-highlight"><?php echo $petname; ?> </span></h3><br />
<form action="" method="post">
<li>
<label for="vacc_type">Vaccination Type: <br />
<input type="text" name="vaccination_type" /></label>
</li>
<li>
<label for="date_given">Date Administered: <br />
<input type="date" name="date_given" /> </label>
</li>
<li>
<label for="due_date">Date Due: <br />
<input type="date" name="due_date" /> </label>
</li>
<li>
<label for="admin"> Administered by: <br />
<input type="text" name="auth_by" /> </label>
</li>
<li>
<label for="payment_made"> Payment Made: <br />
<input type="text" name="payment_made" /> </label>
</li>
<li>
<label for="balance_due"> Balance Due: <br />
<input type="text" name="balance" /> </label>
</li><br />
<br />
<input type="submit" name="submit" />
</form>
</div><!-- end searc results-->
<?php include 'sidebar.php'; ?>
</div><!-- end wrap-->
<?php include 'footer.php' ; ?>
Are you getting any errors or warnings? Do you have error reporting turned on? I don’t know if this is a setting (giving food for thought) but does your server allow header redirects?
This is the first time I have tried php scripts on a live server. What happens is the code runs normally with data being sent to the db. The only problem is that the header part of the script doesn’t run and the page simply reloads. No errors since pretty much everything else runs normally.
Yet another example of why I don’t run or loop through queries within html. Error headers already sent. I assume header.php has <html> or something being sent to the browser. Move all queries above this include and if you need to “echo” a message set it to a variable. I also remove a stray semi-colon after the WHILE loop and added exit after the header.
<?php
include 'inc/db.php';
if (isset ($_GET ['id'])) {
$id = $_GET ['id'];
}
try {
$sql = "SELECT petname from pets where id = $id";
$results = $pdo -> query($sql);
while ($data = $results->fetch(PDO::FETCH_OBJ)){
$petname = $data->petname;
}
}
catch (PDOException $e) {
}
if (isset($_POST ['submit'])) {
try {
$sql = "INSERT INTO vaccinations (type, date_given, due_date, auth_by, payment_made, balance, pet_id)
VALUES (:type, :date_given, :due_date, :auth_by, :payment_made, :balance, :pet_id)";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':type', $_POST['vaccination_type']);
$stmt->bindParam(':date_given', $_POST['date_given']);
$stmt->bindParam(':due_date', $_POST['due_date']);
$stmt->bindParam(':auth_by', $_POST['auth_by']);
$stmt->bindParam(':payment_made', $_POST['payment_made']);
$stmt->bindParam(':balance', $_POST['balance']);
$stmt->bindParam(':pet_id', $id);
$stmt->execute();
header("Location: thankyou.php");
exit;
}
catch (PDOException $e){
$message = 'Sorry, cannot perform query at this point. Please contact system administrator.'.$e->getMessage();
}
}
include 'header.php';
// echo message
if(isset($message)){ echo $message;}
?>
<div class="wrap">
<div class="search-results">
<h3> Add new vaccination entry for <span class="vacc-form-highlight"><?php echo $petname; ?> </span></h3><br />
<form action="" method="post">
<li>
<label for="vacc_type">Vaccination Type: <br />
<input type="text" name="vaccination_type" /></label>
</li>
<li>
<label for="date_given">Date Administered: <br />
<input type="date" name="date_given" /> </label>
</li>
<li>
<label for="due_date">Date Due: <br />
<input type="date" name="due_date" /> </label>
</li>
<li>
<label for="admin"> Administered by: <br />
<input type="text" name="auth_by" /> </label>
</li>
<li>
<label for="payment_made"> Payment Made: <br />
<input type="text" name="payment_made" /> </label>
</li>
<li>
<label for="balance_due"> Balance Due: <br />
<input type="text" name="balance" /> </label>
</li><br />
<br />
<input type="submit" name="submit" />
</form>
</div><!-- end searc results-->
<?php include 'sidebar.php'; ?>
</div><!-- end wrap-->
<?php include 'footer.php' ; ?>
if (isset ($_GET ['id'])) {
$id = $_GET ['id'];
}
try {
$sql = "SELECT petname from pets where id = $id";
$results = $pdo -> query($sql);
while ($data = $results->fetch(PDO::FETCH_OBJ)){
$petname = $data->petname;
};
}
catch (PDOException $e) {
}
You’ve got a SQL Injection vulnerability there, you should be using a prepared statement for that query
Yes
$sql = "SELECT petname from pets where id = :id";
$query = $dbo->prepare($sql);
$query->bindParam(":id", $id);
$query->execute();
while ($data = $query->fetch(PDO::FETCH_OBJ)){
$petname = $data->petname;
}
Thanks a lot, sir. The redirect is working now and I have also switched to prepared statements.
2 Likes
system
May 10, 2015, 2:49pm
8
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.