Hi guys, I'm having trouble with the above error with the following code. I have tried fixing it myself with the help of existing threads found on this site. Please help.
<?php
$product_name=$_POST['product_name'];
$unique_id=uniqid();
$product_price=$_POST['product_price'];
$product_colour=$_POST['product_colour'];
$product_description=$_POST['product_description'];
$product_care=$_POST['product_care'];
$size=$_POST['size'];
error_reporting(E_ALL);
ini_set('display_errors', '1');
if (!$product_name || !$unique_id || !$product_price || !$product_colour || !$product_description || !$product_care || !$size) {
    echo "You have not entered all the required details.<br />"
        ."Please go back and try again.";
    exit;
}
if (!get_magic_quotes_gpc()) {
    $product_name = addslashes($product_name);
    $unique_id = addslashes($unique_id);
    $product_price = doubleval($product_price);
    $product_colour = addslashes($product_colour);
    $product_description = addslashes($product_description);
    $product_care = addslashes($product_care);
    $size = addslashes($size);
}
include "mysql.connect.php";
//Using Prepared Statements, they also protect against SQL injection-style attacks Addison Wesley (2008) PHP and Web Development 4th edn, p. 280
$query = "insert into products values(NULL, ?, ?, ?, ?, ?, ?, ?)";
if( ! $stmt = $db->prepare( $query ) ) {
    echo 'Error: ' . $db->error;
    return false; // throw exception, die(), exit, whatever...
} else {
    // the rest of your code
}
$stmt->bind_param("sssd", NULL, $product_name, $unique_id, $product_price, $product_colour, $product_description, $Sproduct_care, $size);
$stmt->execute();
echo $stmt->affected_rows.'Item inserted into database.';
$stmt->close();
?>
Here's the MySQL table: