
I want to reflect it in the database normally after checking the input contents.


[Error location]
After checking the input contents with stock_edit_check.php, an error occurred at the place where it is reflected in the DB with stock_edit_done.php, so the error part seems to be in the try of stock_edit_done.php.

array(6) { [":purchase_date"]=> string(10) "2020-10-26" [":deadline"]=> string(10) "2020-11-26" [":stock_name"]=> string(18) "Domestic cucumber" [":price"]=> int(200) [":number"]=> int(10) [":gazou"]=> string(14) "kyuri_yama.jpg" }
Error occurred: SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens
We apologize for the inconvenience caused by the obstacle.

Corresponding source code

"stock_edit.php: Enter your modifications"

<?php
session_start();
session_regenerate_id(true);
if (isset($_SESSION['login']) == false)
{
    print 'You will not be logged in.<br />';
    print ' Go to login screen ';
    exit();
}
else
{
    print $_SESSION['user_name'];
    print 'san logged in<br />';
    print '<br />';
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="css/common.css">
<title>Inventory removal</title>
</head>
<body>
<?php
try
{
    $stock_id = $_GET['stockid'];
    $dsn = 'mysql:dbname=user;host=localhost;charset=utf8';
    $user = 'yusei';
    $password = 'rogin1111';
    $dbh = new PDO($dsn, $user, $password);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = 'SELECT purchase_date, deadline, stock_name, price, number, gazou FROM stocks WHERE stock_id = ?';
    $stmt = $dbh->prepare($sql);
    $data[] = $stock_id;
    $stmt->execute($data);
    $rec = $stmt->fetch(PDO::FETCH_ASSOC);
    $stock_purchase_date = $rec['purchase_date'];
    $stock_deadline = $rec['deadline'];
    $stock_name = $rec['stock_name'];
    $stock_price = $rec['price'];
    $stock_number = $rec['number'];
    $stock_gazou_name_old = $rec['gazou'];
    $dbh = null;
    if ($stock_gazou_name_old == '')
    {
        $disp_gazou = '';
    }
    else
    {
        $disp_gazou = '';
    }
}
catch (Exception $e)
{
    echo "Error occurred:" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "<br>";
    print 'We are sorry for the inconvenience caused by the failure. ';
    exit();
}
?>
Product ID:<?php print $stock_id; ?>
<?php print $disp_gazou; ?><br />
<form method="post" action="stock_edit_check.php" enctype="multipart/form-data">
<input type="hidden" name="stockid" value="<?php print $stock_id; ?>">
<input type="hidden" name="gazou_name_old" value="<?php print $stock_gazou_name_old; ?>">
// Display the already registered image
<label for="purchase_date">Purchase date:</label><input type="date" name="purchase_date" value="<?php print $stock_purchase_date ?>"><br>
<label for="deadline">Expiration date:</label><input type="date" name="deadline" value="<?php print $stock_deadline ?>"><br>
<label for="stock_name">Product name:</label><input type="text" name="stock_name" value="<?php print $stock_name; ?>"><br>
<label for="price">Price:</label><input type="text" name="price" value="<?php print $stock_price; ?>"><br>
<label for="number">Stock quantity:</label><input type="number" name="number" value="<?php print $stock_number; ?>"><br>
<label for="gazou">Image:</label><input type="file" name="gazou"><br>
<input type="button" onclick="history.back()" value="back">
<input type="submit" value="correction">
</form>
</body>
</html>

"stock_edit_check.php: Check your input."

<?php
session_start();
session_regenerate_id(true);
if (isset($_SESSION['login']) == false)
{
    print 'You will not be logged in.<br />';
    print ' Go to login screen ';
    exit();
}
else
{
    print $_SESSION['user_name'];
    print 'san logged in<br />';
    print '<br />';
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="css/common.css">
<title>Inventory correction</title>
</head>
<body>
<?php
require_once('../common/common.php');
$post = sanitize($_POST);
if (!empty($_POST['stock_id']))
{
    $stock_id = $_POST['stock_id'];
}
if (!empty($_POST['purchase_date']))
{
    $stock_purchase_date = $_POST['purchase_date'];
}
if (!empty($_POST['deadline']))
{
    $stock_deadline = $_POST['deadline'];
}
if (!empty($_POST['stock_name']))
{
    $stock_name = $_POST['stock_name'];
}
if (!empty($_POST['price']))
{
    $stock_price = $_POST['price'];
}
if (!empty($_POST['number']))
{
    $stock_number = $_POST['number'];
}
if (!empty($_POST['gazou_name_old']))
{
    $stock_gazou_name_old = $_POST['gazou_name_old'];
}
if (!empty($_FILES['gazou']))
{
    $stock_gazou = $_FILES['gazou'];
}
if ($stock_gazou['size'] > 0)
{
    if ($stock_gazou['size'] > 1000000)
    {
        print 'The image is too large. ';
    }
    else
    {
        move_uploaded_file($stock_gazou['tmp_name'], './gazou/' . $stock_gazou['name']);
        print '';
        print '<br />';
    }
}
if ($stock_purchase_date == '')
{
    print 'The purchase date has not been entered.<br />';
}
else
{
    print 'Purchase date:';
    print $stock_purchase_date;
    print '<br />';
}
if ($stock_deadline == '')
{
    print 'The expiration date has not been entered.<br />';
}
else
{
    print 'Expiration date:';
    print $stock_deadline;
    print '<br />';
}
if ($stock_name == '')
{
    print 'The product name has not been entered.<br />';
}
else
{
    print 'Product name:';
    print $stock_name;
    print '<br />';
}
if (preg_match('/\A[0-9]+\z/', $stock_price) == 0)
{
    print 'Please enter the price properly.<br />';
}
else
{
    print 'Price:';
    print $stock_price;
    print 'yen<br />';
}
if ($stock_number == '')
{
    print 'The quantity has not been entered.<br />';
}
else
{
    print 'quantity:';
    print $stock_number;
    print '<br />';
}
if ($stock_name == '' || preg_match('/\A[0-9]+\z/', $stock_price) == 0 || $stock_gazou['size'] > 1000000)
{
    print '<form>';
    print '<input type="button" onclick="history.back()" value="back">';
    print '</form>';
}
else
{
    print 'Change as above.<br />';
    print '<form method="post" action="stock_edit_done.php">';
    if (isset($stock_id))
    {
        print '<input type="hidden" name="stock_id" value="' . $stock_id . '">';
    }
    if (isset($stock_purchase_date))
    {
        print '<input type="hidden" name="purchase_date" value="' . $stock_purchase_date . '">';
    }
    if (isset($stock_deadline))
    {
        print '<input type="hidden" name="deadline" value="' . $stock_deadline . '">';
    }
    if (isset($stock_name))
    {
        print '<input type="hidden" name="stock_name" value="' . $stock_name . '">';
    }
    if (isset($stock_price))
    {
        print '<input type="hidden" name="price" value="' . $stock_price . '">';
    }
    if (isset($stock_number))
    {
        print '<input type="hidden" name="number" value="' . $stock_number . '">';
    }
    if (isset($stock_gazou_name_old))
    {
        print '<input type="hidden" name="gazou_name_old" value="' . $stock_gazou_name_old . '">';
    }
    if (isset($stock_gazou['name']))
    {
        print '<input type="hidden" name="gazou_name" value="' . $stock_gazou['name'] . '">';
    }
    print '<br />';
    print '<input type="button" onclick="history.back()" value="back">';
    print '<input type="submit" value="OK">';
    print '</form>';
}
?>
</body>
</html>

"stock_edit_done.php: Reflected in DB"

<?php
session_start();
session_regenerate_id(true);
if (isset($_SESSION['login']) == false)
{
    print 'You will not be logged in.<br />';
    print ' Go to login screen ';
    exit();
}
else
{
    print $_SESSION['user_name'];
    print 'san logged in<br />';
    print '<br />';
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<link rel="stylesheet" href="css/common.css">
<title>Inventory correction</title>
</head>
<body>
<?php
require_once('../common/common.php');
try
{
    $post = sanitize($_POST);
    if (!empty($_POST['stock_id']))
    {
        $stock_id = $_POST['stock_id'];
    }
    if (!empty($_POST['purchase_date']))
    {
        $stock_purchase_date = $_POST['purchase_date'];
    }
    if (!empty($_POST['deadline']))
    {
        $stock_deadline = $_POST['deadline'];
    }
    if (!empty($_POST['stock_name']))
    {
        $stock_name = $_POST['stock_name'];
    }
    if (!empty($_POST['price']))
    {
        $stock_price = $_POST['price'];
    }
    if (!empty($_POST['number']))
    {
        $stock_number = $_POST['number'];
    }
    if (!empty($_POST['gazou_name_old']))
    {
        $stock_gazou_name_old = $_POST['gazou_name_old'];
    }
    if (!empty($_POST['gazou_name']))
    {
        $stock_gazou_name = $_POST['gazou_name'];
    }
    $dsn = 'mysql:dbname=user;host=localhost;charset=utf8';
    $user = 'yusei';
    $password = 'rogin1111';
    $dbh = new PDO($dsn, $user, $password);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $dbh->beginTransaction();
    $sql = 'UPDATE stocks SET purchase_date = :purchase_date, deadline = :deadline, stock_name = :stock_name, price = :price, number = :number, gazou = :gazou_name WHERE stock_id = :stock_id';
    $stmt = $dbh->prepare($sql);
    $dbh->commit();
    if (isset($stock_purchase_date))
    {
        $data[':purchase_date'] = $stock_purchase_date;
    }
    if (isset($stock_deadline))
    {
        $data[':deadline'] = $stock_deadline;
    }
    if (isset($stock_name))
    {
        $data[':stock_name'] = $stock_name;
    }
    if (isset($stock_price))
    {
        $data[':price'] = (int) $stock_price;
    }
    if (isset($stock_number))
    {
        $data[':number'] = (int) $stock_number;
    }
    if (isset($stock_gazou_name))
    {
        $data[':gazou_name'] = $stock_gazou_name;
    }
    if (isset($stock_id))
    {
        $data[':stock_id'] = (int) $stock_id;
    }
    var_dump($data);

    $stmt->execute($data);
    $dbh = null;
    if ($stock_gazou_name_old != $stock_gazou_name)
    {
        if ($stock_gazou_name_old != '')
        {
            unlink('./gazou/' . $stock_gazou_name_old);
        }
    }
    print 'fixed.<br />';
}
catch (Exception $e)
{
    $dbh->rollBack();
    echo "Error occurred:" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "<br>";
    print 'We are sorry for the inconvenience caused by the failure. ';
    exit();
}
?>
<form action="list.php"><input type="submit" value="back"></form>
</body>
</html>

"Table contents"


  • Answer # 1

    It may not be a direct answer,
    but I found a point that I was interested in, so I will point it out first.

    Because "?" is used in the query,
    the data to be written to the database is filled into the "?" placeholders in the order in which it is passed as an array.
    What if

    if (isset($stock_purchase_date))
    {
        $data[] = $stock_purchase_date;
    }

    When isset() does not hold, the next and subsequent data will be carried up and filled into the place you wanted to fill with $stock_purchase_date,
    so it may not be possible to store the data as intended.
    To avoid this, you should use named placeholders.

    $sql = 'UPDATE stocks SET purchase_date = :purchase_date, deadline = :deadline, stock_name = :stock_name, price = :price, number = :number, gazou = :gazou WHERE stock_id = :stock_id';
    $stmt = $dbh->prepare($sql);
    if (isset($stock_purchase_date))
    {
        $data[':purchase_date'] = $stock_purchase_date;
    }

    Also, for one execution of the INSERT INTO statement,
    isn't the transaction processing contrary?
    PHP: PDO::beginTransaction - Manual
    PHP: PDO::commit - Manual
    PHP: PDO::rollBack - Manual
    I would like to get into the habit of storing data and committing if there are no abnormalities.

  • Answer # 2

    Values are being put into $data[] while checking for the existence of variables.
    When one is not put in, isn't the number of elements in $data different
    from the number written statically?

  • Answer # 3

    I only see the following in the non-input check of stock_edit_check.php

    if ($stock_name == '' || preg_match('/\A[0-9]+\z/', $stock_price) == 0 || $stock_gazou['size'] > 1000000)


    So, I wonder if other things will pass as they are even if they are not entered.
    Well, I don't know what kind of input it actually happened ...
    If you allow no input, you have to do that with SQL.

  • Answer # 4

    You should check the phenomenon and identify the cause of the defect before fixing the defect.
    First, check the phenomenon.

    As mentioned in te2ji's answer last time, let's check the contents of $data (not in the code, but during processing).

    if (isset ($stock_id))
    {
        $data [] = (int) $stock_id;
    }
    var_dump ($data);// Output the actual value added and stored
    $stmt->execute ($data);


    Was the contents of $data stored in the expected data and in the expected order without omission?

    Do not think "probably not a problem", but as long as there is an error, think "there should be a problem" and take corrective action.
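
The check that Answers 2 and 4 ask for (do the elements of $data match the tokens in the statement?) can be made before execute(), with the commit placed after the write. This is an added example, not part of the thread or the asker's code; it assumes an in-memory SQLite table with a reduced set of columns in place of the MySQL stocks table, and the helper names missingParams and updateStock are hypothetical.

```php
<?php
// Added example, not the asker's code. The in-memory SQLite table is a
// constructed stand-in for the MySQL `stocks` table; helper names are hypothetical.

/** Placeholders named in $sql that have no matching key in $data. */
function missingParams(string $sql, array $data): array
{
    preg_match_all('/(?<!:):([A-Za-z_][A-Za-z0-9_]*)/', $sql, $m);
    $bound = array_map(fn($k) => ltrim((string) $k, ':'), array_keys($data));
    return array_values(array_diff(array_unique($m[1]), $bound));
}

function updateStock(PDO $dbh, array $post): string
{
    $sql = 'UPDATE stocks SET stock_name = :stock_name, price = :price, '
         . 'number = :number WHERE stock_id = :stock_id';
    $data = [];
    foreach (['stock_name', 'price', 'number', 'stock_id'] as $field) {
        if (isset($post[$field]) && $post[$field] !== '') {
            $data[':' . $field] = $post[$field];
        }
    }
    // Refuse to run when a token has no value, and say which one.
    $missing = missingParams($sql, $data);
    if ($missing !== []) {
        return 'rejected, no value for: ' . implode(', ', $missing);
    }
    $dbh->beginTransaction();
    try {
        $stmt = $dbh->prepare($sql);
        $stmt->execute($data);   // write first
        $dbh->commit();          // commit only after execute succeeded
    } catch (Exception $e) {
        $dbh->rollBack();
        throw $e;
    }
    return 'updated rows: ' . $stmt->rowCount();
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE stocks (stock_id INTEGER PRIMARY KEY, stock_name TEXT, price INTEGER, number INTEGER)');
$dbh->exec("INSERT INTO stocks VALUES (1, 'cucumber', 100, 5)");

// Constructed POST data: stock_id is absent, like the array dumped in the question.
$post = ['stock_name' => 'Domestic cucumber', 'price' => '200', 'number' => '10'];
echo updateStock($dbh, $post), "\n";                       // stock_id missing
echo updateStock($dbh, $post + ['stock_id' => '1']), "\n"; // all four tokens bound
```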
