Search code examples
phphtmlmysqlinsert-into

My INSERT INTO query is not working

I'm trying to make a news system so I just have to fill the form to post an article. Unfortunately, it seems that after many tries and methods, my INSERT INTO query doesn't seem to do anything. I work with 2 separate files: addnews.php (the form) and confirm.php. I translated everything from the french so it's easier for you to read.

Here is the form code which is working fine:

        <div id="centerbox" class="news1" align="center">
        <h1>Write a news</h1><br>
        <form method="post" action="confirm.php">
            <p>Title:</p>
            <input type="text" name="title"><br>

            <p>Content:</p>
            <textarea name="content" rows="8" cols="45"></textarea> 
            <br>
            <p>Picture to display:</p>
            <select name="picture">
                <option value="news">pics/INFO_IMPORTANTE.jpg</option>
                <option value="event">pics/EVENEMENT.jpg</option>
                <option value="helpme">pics/DEMANDE_AIDE.jpg</option>
                <option value="helpyou">pics/PROPOSITION_AIDE.jpg</option>
            </select>

            <p>Your name:</p>
            <input type="text" name="author"><br>

            <input type="hidden" name="date" value="<?php echo date("d/m/Y"); ?>">

                <input type="submit" value="Confirm">
        </form>
    </div>

And here is the code in confirm.php:

        <?php
    try
    {
        $bdd = new PDO('mysql:host=localhost;dbname=L1-EVMAN', 'root', '');
    }
    catch (Exception $e)
    {
        die('Error : ' . $e->getMessage());
    }
    ?>

        <?php
        $title = htmlspecialchars($_POST['title']);
        $picture = $_POST['picture'];
        $content = htmlspecialchars($_POST['content']);
        $author = htmlspecialchars($_POST['author']);
        $time = date('d/m/Y');

        if (empty($title) OR empty($content) OR empty($author))
        {
            echo '<font color="red">You have to fill everything !</font><br>
            <a href="http://localhost/sourcemaster/addnews>Start over</a>';
        }
        else 
        {
            $addnews = $bdd->prepare('INSERT INTO news (id, title, pic, content, author, time) VALUES(NULL, :$title, :$picture, :$content, :$author, :$time)');
            $addnews->execute(array(
                'title' => $title,
                'pic' => $picture,
                'content' => $content,
                'author' => $author,
                'time' => $time
                ));

            echo 'The news has been added correctly.';
            }
        ?>

The problem is that when I fill the form and confirm, it does say that the news has been added but nothing appears on the news page (which works fine when I manually add everything in the table). I'm really kind of new in all this and I can tell you that I improvised a bit at the end, following some tutorials I found but none of them seem to help me.

So I'm asking you guys for help. Feel free to ask for more details or anything.

Thank you very much!

Solution

  • Your insert query parameter is incorrect.

    :$title for example will expand to :"whatever the user entered"

    And you don't have such parameter bound.

    You have to remove the "$" from the bind parameters:

    'INSERT INTO news (id, title, pic, content, author, time) VALUES(NULL, :title, :picture, :content, :author, :time)