Home/ Questions/Q 4320752
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T08:40:04+00:00

Code in inc/q/prof.php: <?php // Insert Comments into Database that user provides $comm =

  • 0

Code in “inc/q/prof.php”:

<?php
// Insert Comments into Database that user provides
$comm = mysql_real_escape_string($_POST['addComment']);

// following line has changed:
$pID4 = filter_var( $_POST['pID'], FILTER_SANITIZE_STRING );

$commentDetail = $_POST['addComment'];
$username = "###";
$password = "###";
$pdo4 = new PDO('mysql:host=localhost;dbname=####', $username, $password);
$pdo4->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sth4 = $pdo4->prepare('
INSERT INTO Comment (info, pID, cID) VALUES(?,?,?) 
SELECT Comm.cID
FROM Professor P, Comment Comm, Course Cou 
WHERE P.pID = Comm.pID
AND Cou.cID = Comm.cID;
'); 
$sth4->execute(array($commentDetail, $pID4, $cID ));


?>

HTML

<form action='inc/q/prof.php' method='post'>
                    <input type='text' id='addComment' name='addComment' tabindex='3' value='Enter comment' />
                <input type='hidden' name='pID' value='<?php echo $pID4; ?>'>

                </form>

Tables:
comm
course
prof

Error still received – I am still getting error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Comm.cID FROM Professor P, Comment Comm, Course Cou WHERE P.pID = Comm.p' at line 2\PDOStatement->execute(Array) #1

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can pass them as both hidden input fields. It appears as though you already have that for pID:

    <input type="hidden" name="pID" value="<?php echo $pID4 ?>" />

    Also, ensure you are actually posting the correct fields and values. Add the following to the top of prof.php:

    print_r($_POST);

    My guess is your not actually passing anything for $_POST['pID']

    • 0