0

Here is my code and the error keeps coming up. Everything matches the form but I still get the same error. I have tried and in the sql table the lon and lan is number based so I dont know if this could be the issue:

<?php

$n = $_POST["name"];
$t = $_POST["type"];
$c = $_POST["country"];
$r = $_POST["region"];
$lon = $_POST["longitude"];
$lat = $_POST["latitude"];
$des = $_POST["description"];

$conn = new PDO("mysql:host=localhost;dbname=hjaved;", "hjaved","queeTh1d");
$conn->query("INSERT INTO pointsofinterest (name, type, country, 
    region, lon, lat, description) VALUES ('$n', '$t', '$c', '$r', 
    '$lon',
    '$lat', '$des')");

print_r($conn->errorinfo());
?>

Here is the table shcema:
ID name type country region lon lat description

dferenc
  • 7,918
  • 12
  • 41
  • 49
ham
  • 1
  • 1
  • Can you specify table schema + example of the data (like dump of $_POST)? Also a small note to your code, use prepare + execute for security reasons, to avoid injections: here is an example https://stackoverflow.com/questions/18655706/pdo-with-insert-into-through-prepared-statements#answer-18655812 – Alex Tank Dec 24 '18 at 21:14
  • Please run `DESCRIBE [your-table-name];` in your mysql client and add output to your question, this will show table schema with field types + lengths. One assumption is you've specified length on you `lon` field, which is less than you provide with data from `$_POST['longitude']`, that's why I've asked about `var_dump($_POST);`. – Alex Tank Dec 24 '18 at 21:26

1 Answers1

-1

Here is an example, how to get rid of mysql injections, using prepare + execute methods (from PDO object)

<?php
$conn = new PDO("mysql:host=localhost;dbname=hjaved;", "hjaved","queeTh1d");
$conn->prepare("
    INSERT INTO pointsofinterest (
        `name`,
        `type`,
        `country`,
        `region`,
        `lon`,
        `lat`,
        `description`
    ) VALUES (
        :name,
        :type,
        :country,
        :region,
        :lon,
        :lat,
        :description
    );");
$conn->execute(array(
    ':name' => $_POST["name"],
    ':type' => $_POST["type"],
    ':country' => $_POST["country"],
    ':region' => $_POST["region"],
    ':lon' => $_POST["longitude"],
    ':lat' => $_POST["latitude"],
    ':description' => $_POST["description"],
));

print_r($conn->errorinfo());
Alex Tank
  • 82
  • 4