-2

Here is the code I've come up with which at least doesn't come up with a 500 error, nor sadly does it insert to one table and update another table.

Ultimately, once the user logs in, it'll insert to one table that the user has logged in, and update another table adding the memberid, firstname " " surname, whenin (date/time), and return the user back to the index page which will then change the button colour of yellow to green.

require_once "config.php";
require_once "helpers.php";

// Define variables and initialize with empty values
$memberid = "";
$signed_in = "";
$membername = "";
$firstname = "";
$lastname = "";
$paid_until = "";

$memberid_err = "";
$signed_in_err = "";
$membername_err = "";
$firstname_err = "";
$lastname_err = "";
$paid_until_err = "";

// Processing form data when form is submitted
if(isset($_POST["memberid"]) && !empty($_POST["memberid"])){
    // Get hidden input value
    $memberid = $_POST["memberid"];
    $membername = $_POST["membername"];
    
    $memberid = trim($_POST["memberid"]);
    $signed_in = trim($_POST["signed_in"]);
    $membername = trim($_POST["membername"]);
    $firstname = trim($_POST["firstname"]);
    $lastname = trim($_POST["lastname"]);
    $paid_until = trim($_POST["paid_until"]);
    

    // Prepare an update statement
    $dsn = "mysql:host=$db_server;dbname=$db_name;charset=utf8mb4";
    $options = [
        PDO::ATTR_EMULATE_PREPARES   => false, // turn off emulation mode for "real" prepared statements
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, //turn on errors in the form of exceptions
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, //make the default fetch be an associative array
    ];


    $conn = new PDO( "mysql:host=$db_server;dbname=$db_name;charset=utf8mb4");  
    $conn->beginTransaction();  
    $ret = $conn->exec("INSERT INTO scout_timeclock (memberid, whenin) VALUES (?, now())");  
    $ret = $conn->exec("UPDATE scout_member SET signed_in='Y' WHERE memberid=?");  
    $conn->commit();  
    // $conn->rollback();  
    echo $ret;  

    try {
        $pdo = new PDO($dsn, $db_user, $db_password, $options);
    } catch (Exception $e) {
        error_log($e->getMessage());
        exit('Something weird happened');
    }

    date_default_timezone_set("Australia/Brisbane"); 
    $_GET["memberid"] = trim($_GET["memberid"]);
    if(isset($_GET["memberid"]) && !empty($_GET["memberid"])){
        // Get URL parameter
        $memberid =  trim($_GET["memberid"]);
        $membername =  trim($_GET["membername"]);

        // Prepare a select statement
        $sql = "SELECT * FROM scout_member WHERE memberid = ?";
        if($stmt = mysqli_prepare($link, $sql)){
            // Set parameters
            $param_id = $memberid;

            // Bind variables to the prepared statement as parameters
            if (is_int($param_id)) $__vartype = "i";
            elseif (is_string($param_id)) $__vartype = "s";
            elseif (is_numeric($param_id)) $__vartype = "d";
            else $__vartype = "b"; // blob
            mysqli_stmt_bind_param($stmt, $__vartype, $param_id);

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                $result = mysqli_stmt_get_result($stmt);

                if(mysqli_num_rows($result) == 1){
                    /* Fetch result row as an associative array. Since the result set
                contains only one row, we don't need to use while loop */
                    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);

                    // Retrieve individual field value

                    $memberid = $row["memberid"];
                    $firstname = $row["firstname"];
                    $lastname = $row["lastname"];
                    $paid_until = $row["paid_until"];
                    $signed_in = $row["signed_in"];
                
                } else{
                    // URL doesn't contain valid id. Redirect to error page 
                   header("location: error.php");
                    exit();
                }
            } else{
                echo "Oops! Something went wrong. Please try again later.<br>".$stmt->error;
            }
        }  

        // Close statement
        mysqli_stmt_close($stmt);

    } else{
        // URL doesn't contain id parameter. Redirect to error page
        header("location: error.php");
        exit();
    }
}

Although even this no longer shows the persons name now neither :(

    <form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
        <input type="hidden" name="memberid" value="<?php echo $memberid; ?>"/>
        <input type="hidden" name="signed_in" value="Y"/>
        <input type="hidden" name="membername" value="<?php echo $firstname ." ". $lastname; ?>"/>
        <input type="submit" class="btn btn-lg btn-primary" value="Sign In <?php echo $firstname . "&#x00A;" . $lastname; ?>">
        <a href="index.php" class="btn btn-lg btn-danger">Cancel Sign in</a>
    </form>
Dharman
  • 26,923
  • 21
  • 73
  • 125
Patrick
  • 13
  • 1
  • 4
    You are confusing execute() with exec(). Please follow the [correct routine](https://phpdelusions.net/pdo_examples) for INSERT and UPDATE queries. and also you are mixing PDO and mysqli in your code, it won't do – Your Common Sense May 31 '22 at 11:02
  • 2
    https://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php – RiggsFolly May 31 '22 at 11:09
  • You should only need 1 database connection. It looks like you have 2 or 3 here, `$link`, `$pdo`, and `$conn`. – user3783243 May 31 '22 at 11:14
  • 4
    Sorry Patrick, this is a cluster mess. Looks like you have copy/pasted from various sources without the most important step. Stop, Read and Understand what you have copied. – RiggsFolly May 31 '22 at 11:21

0 Answers0