0

I am trying to update some data to Postgres using a PHP form, but I keep receiving this error message:

Error with DB. Details: PDOException: SQLSTATE[42601]: Syntax error: 7 ERROR: syntax error at end of input LINE 1: ...te = '04/04/2020', check_out_date = '04/05/2020' WHERE id = ^ in /app/web/week05/update.php:13 Stack trace: #0 /app/web/week05/update.php(13): PDOStatement->execute() #1 {main}

This is how my php form looks like:

    <?php echo "   <form method='post' action='update.php'>

    <div class='form-group'>
        <label for='reservationID'>Reservation ID:</label>
        <input type='text' class='form-control' id='reservationID' name='reservationID' value='$reservation_id' disabled>
        <div class='valid-feedback'>Valid.</div>
      </div>

      <div class='form-group'>
        <label for='RoomNumber'>Room Number: </label>
        <input type='text' class='form-control' id='RoomNumber' name='RoomNumber' value='$room_number' required>
        <div class='valid-feedback'>Valid.</div>
      </div>

    <div class='form-group'>
        Check-In Date: <input width='276' id='checkInDate' name='checkInDate' required />
        Check-Out Date: <input width='276' id='checkOutDate' name='checkOutDate' required />

    </div>

    <button type='submit' class='btn btn-primary'>Update</button>
    <br>
    <br>
    </form>
  </div>";

  ?>

And here's the code of my update.php file:

    <?php
$id = $_POST['reservationID'];
$RoomNumber = $_POST['RoomNumber'];
$checkInDate = $_POST['checkInDate'];
$checkOutDate = $_POST['checkOutDate'];

require "connection.php";
$db = get_db();

try
{
    $update = $db->prepare("UPDATE reservation SET room_number = '$RoomNumber', check_in_date = '$checkInDate', check_out_date = '$checkOutDate' WHERE id = $id");
    $update->execute();
}
catch (Exception $ex)
{
    echo "Error with DB. Details: $ex";
    die();
}
header("Location: search3.php");

die(); 

?>

Really needed help here, thank you!

Improve this question

1 Answer 1

Reset to default
1

Disabled fields are not passed to server. Use input type=hidden instead:

<input type='hidden' id='reservationID' name='reservationID' value='$reservation_id'>

Also, correct usage of prepared statements in your case is:

$update = $db->prepare("UPDATE reservation SET room_number = ?, check_in_date = ?, check_out_date = ? WHERE id = ?");
$update->execute([
    $RoomNumber,
    $checkInDate,
    $checkOutDate,
    $id,
]);
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Alternative solution to using type='hidden': If he wants to actually show the reservation id, he could also use readonly="readonly" instead of disabled.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.