Skip to content
Advertisement

How do I successfully insert records from HTML form using php cleandata and sanitize functions

I have written a script to add records into my database with include functions for clean and sanitize the input data and my db connection file with query functions respectively but my problem is that once I submit the form No Closeable Alert message is displayed and record is not inserted into the table either. Here is my script for record insertion

<?php
include('includes/functions.php');


//Require Database
include('includes/pdocon.php');

//instatiating our database objects
$db    = new Pdoconn;

if(isset($_POST['submit'])){

//Collect Raw Data for Cleaning
$raw_firstName   = cleandata($_POST['fname']);
$raw_lastName    = cleandata($_POST['lname']);
$raw_username    = cleandata($_POST['username']);
$raw_email       = cleandata($_POST['email']);
$raw_pass        = cleandata($_POST['password']);
$raw_phone       = cleandata($_POST['phone']);
$raw_dateJoin    = cleandata($_POST['jdate']);
$raw_role        = cleandata($_POST['role']);
$raw_employId    = cleandata($_POST['employeeid']);

//Sanitize the Cleandate
$c_fname        = sanitizeValue($raw_firstName);
$c_lname        = sanitizeValue($raw_lastName);
$c_username     = sanitizeValue($raw_username);
$c_email        = validatemail($raw_email);
$c_password     = sanitizeValue($raw_pass);
$c_phone        = valint($raw_phone);
$c_jdate        = sanitizeValue($raw_dateJoin);
$c_role         = sanitizeValue($raw_role);
$c_employId     = sanitizeValue($raw_employId);

//Hash Password
$Hashed_Pass    = hashpassword($c_password);

//Query to Insert/Add Employees in employees Table
$db->query('INSERT INTO employees(id, firstName, lastName, username, email, password, employeeId, joiningDate, phone, role)VALUES(NULL, :fname, :lname, :username, :email, :password, :employeeId, :joiningDate, :phone, :role)');

//Bind Values to Query Parameters
$db->bindvalue(':fname', $c_fname, PDO::PARAM_STR);
$db->bindvalue(':lname', $c_lname, PDO::PARAM_STR);
$db->bindvalue(':username', $c_username, PDO::PARAM_STR);
$db->bindvalue(':email', $c_email, PDO::PARAM_STR);
$db->bindvalue(':password', $Hashed_Pass, PDO::PARAM_STR);
$db->bindvalue(':employeeId', $c_employId, PDO::PARAM_STR);
$db->bindvalue(':joiningDate', $c_jdate, PDO::PARAM_STR);
$db->bindvalue(':phone', $c_phone, PDO::PARAM_INT);
$db->bindvalue(':role', $c_role, PDO::PARAM_STR);

//Query to Check whether Staff Already Exist using Email
$db->query('SELECT * FROM employees WHERE email=:email');

//Bind Email Value
$db->bindvalue(':email', $c_email, PDO::PARAM_STR);

//fetch Row
$row            = $db->fetchSingle();

//check role
if($row){

    redirect('employees.php');
    //Closeable Alert Message
    keepmsg('<div class="alert alert-danger text-center">
        <a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>
        <strong>Not Successful!</strong> Staff Already Exist, Pls Register another one.
        </div>');
}else{

//Run Query
$run_employee    = $db->execute();

if($run_employee){

    redirect('employees.php');
    //Closeable Alert Message
    keepmsg('<div class="alert alert-success text-center">
        <a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>
        <strong>Success!</strong> Employee Registered Successfully.
        </div>');
}else{
    //Closeable Alert Message
    keepmsg('<div class="alert alert-danger text-center">
        <a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>
        <strong>Not Successful!</strong> Employee Was Not Registered.
        </div>');
    }

}

}

?>

Advertisement

Answer

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement