Question

I'm building a form where users can update attributes of books. There's a dynamically generated HTML form where users can enter new values for things like "Title", "Author", and "Description" that looks something like this:

echo "<form id=changerform name=changerform action=updatesubmit.php method=post>";
echo "<span id=titlebox>Title: <input class=attributefield style='border:none' type=text size=100 id=Title value='".$item['Title']."' />Change This?</span> <br>";
echo "<span id=authorbox>Author: <input class=attributefield style='border:none' type=text id=Author value='".$item['Author']."' />Change This?</span><br>";
echo "<span id=description>Description: <textarea class=attributefield style='border:none' rows=9 cols=100 name=Description id=Description >".$item['Description']."</textarea></span>";
echo "<input type='hidden' id='bookidfield' name='bookidfield' value = '".$toChange."' />";

This form is handled by some php that looks like this:

    while($nowfield = current($_POST)){

        $col = key($_POST);

        switch($col){
            case 'Title':
                $qstring = 'UPDATE Mainbooks SET Title = :slug WHERE ItemID LIKE :bookid;';
                break;

            case 'Author':
                $qstring = 'UPDATE Mainbooks SET Author = :slug WHERE ItemID LIKE :bookid;';
                break;

            case 'Description':
                $qstring = "UPDATE Mainbooks SET Description = :slug WHERE ItemID LIKE :bookid;";
                break;

            default:
                echo "Invalid input";
                break;

        }//end switch

        $upquery = $safelink->prepare($qstring);
        $upquery->bindValue(':slug', $nowfield, PDO::PARAM_STR);
        $upquery->bindValue(':bookid', $_POST['bookidfield'], PDO::PARAM_INT);
        $upquery->execute();

        next($_POST);

    } //end while

I've organized it as a switch statement because there's code in the form that only passes fields that have been changed through in post (with the exception of the 'bookidfield' input, which has the unique key for each item in it.) With the switch, only the necessary queries run.

The 'title' and 'author' fields work fine; they update without issue to the new values. The 'description' field, though, always updates to the value of the 'bookidfield.' I can fix it if I go in and manually change the ':bookid' parameter to the id of the book I want.

If I var_dump($_POST) it seems to come through with the right key values, like so:

    array(4) { ["Title"]=> string(22) "Gross Boogers and Such" ["Author"]=> string(14) "Franny Panties" ["Description"]=> string(55) "This is the value I want to change the description to!!" ["bookidfield"]=> string(3) "184" }

But in my SQL table, it will change the title of book 184 to "Gross Boogers and Such" and the author to "Franny Panties," but it will change the description to "184." It's got to have something to do with my use of bindValue(), right? Or does it have to do with my loop? Is it how the form is named? I've been looking at it too long to see whatever it is.

Thanks Stackoverflow, you guys are great.


Solution

Your problem is that when $col is different from Title, Author or Description (in other words, when the switch executes the default case), you are executing the previous query with $nowfield = 184. You must not execute the query.

When the switch executes the default case, you must "jump" to the next value, skipping the query execution.

default:
    echo "Invalid input";
    next($_POST);
    continue 2;
    break;
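
The same skip-on-unknown-key behaviour written as an allow-list loop (an added example, not code from the question or the answer). It assumes an in-memory SQLite table and a constructed `$post` array in place of the real database and `$_POST`; the `EDITABLE` constant and `updateBook()` function are hypothetical names, and the id is matched with `=` rather than `LIKE`.

```php
<?php
// Added example: constructed table and POST data, not the asker's real schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Mainbooks (ItemID INTEGER PRIMARY KEY, Title TEXT, Author TEXT, Description TEXT)');
$db->exec("INSERT INTO Mainbooks VALUES (184, 'Old title', 'Old author', 'Old description')");

// Constructed stand-in for $_POST, including a key that must be ignored.
$post = [
    'Title'       => 'Gross Boogers and Such',
    'Description' => 'This is the value I want to change the description to!!',
    'ItemID'      => '999',   // not an editable column: must never reach SQL
    'bookidfield' => '184',
];

// Column names cannot be bound as parameters, so they come only from this list.
const EDITABLE = ['Title', 'Author', 'Description'];

function updateBook(PDO $db, array $post): array
{
    // Validate the row id once, instead of trusting it on every iteration.
    $bookId = filter_var($post['bookidfield'] ?? null, FILTER_VALIDATE_INT);
    if ($bookId === false) {
        throw new InvalidArgumentException('bookidfield must be an integer');
    }
    $updated = [];
    foreach ($post as $col => $value) {
        // bookidfield, unknown keys and non-string values: run no query at all.
        if (!in_array($col, EDITABLE, true) || !is_string($value)) {
            continue;
        }
        // $col is one of the literals in EDITABLE, so interpolating it is safe.
        $stmt = $db->prepare("UPDATE Mainbooks SET $col = :slug WHERE ItemID = :bookid");
        $stmt->bindValue(':slug', $value, PDO::PARAM_STR);
        $stmt->bindValue(':bookid', $bookId, PDO::PARAM_INT);
        $stmt->execute();
        $updated[] = $col;
    }
    return $updated;
}

// Show which columns were written, then the resulting row.
print_r(updateBook($db, $post));
print_r($db->query('SELECT * FROM Mainbooks WHERE ItemID = 184')->fetch(PDO::FETCH_ASSOC));
```

Because a key outside the list never reaches `prepare()`, a stale `$qstring` from an earlier iteration cannot be re-executed with the wrong value.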

OTHER TIPS

Your HTML is broken for the Description <textarea>. You have...

<textarea ... name=Description id=Description />".$item['Description']."</textarea>
<!--                                          ^ there's your problem -->

Where it should be

<textarea ... name=Description id=Description>".$item['Description']."</textarea>

As mentioned in my comment, the way you're generating HTML is bound to lead to problems. I suggest you take this approach...

// leave the PHP context
?>
<form id="changerform" action="updatesubmit.php" method="post">
    <span id="titlebox">
        Title:
        <input class="attributefield" type="text" id="Title" value="<?= htmlspecialchars($item['Title']) ?>">
        Change This?
    </span>
    <!-- you get the idea -->
</form>
Licensed under: CC-BY-SA with attribution