Code in "inc/q/prof.php":
<?php
// Insert Comments into Database that user provides
$comm = mysql_real_escape_string($_POST['addComment']);
// following line has changed:
$pID4 = filter_var( $_POST['pID'], FILTER_SANITIZE_STRING );
$commentDetail = $_POST['addComment'];
$username = "###";
$password = "###";
$pdo4 = new PDO('mysql:host=localhost;dbname=####', $username, $password);
$pdo4->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sth4 = $pdo4->prepare('
INSERT INTO Comment (info, pID, cID) VALUES(?,?,?)
SELECT Comm.cID
FROM Professor P, Comment Comm, Course Cou
WHERE P.pID = Comm.pID
AND Cou.cID = Comm.cID;
');
$sth4->execute(array($commentDetail, $pID4, $cID ));
?>
HTML:
<form action='inc/q/prof.php' method='post'>
<input type='text' id='addComment' name='addComment' tabindex='3' value='Enter comment' />
<input type='hidden' name='pID' value='<?php echo $pID4; ?>'>
</form>
Tables:
Error still received - I am still getting error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT Comm.cID FROM Professor P, Comment Comm, Course Cou WHERE P.pID = Comm.p' at line 2\PDOStatement->execute(Array) #1
You can pass them as both hidden input fields. It appears as though you already have that for pID:
<input type="hidden" name="pID" value="<?php echo $pID4 ?>" />
Also, ensure you are actually posting the correct fields and values. Add the following to the top of prof.php:
print_r($_POST);
My guess is you're not actually passing anything for $_POST['pID'].
It has nothing to do with clearing the URL; you're missing a semicolon after the echo to insert the pID into the hidden field. So you're just passing pID an empty value, because the PHP won't execute. Also, you don't have any courseinfoDD input, so of course it will enter null in your new row.
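An added example (not code from the question or from either answer) of the insert handler with the posted IDs validated as integers and a single statement per prepare(); the error quoted above is MySQL rejecting the SELECT that follows the INSERT in the same prepared string. Assumptions: pID and cID are integer keys, cID arrives as a second hidden field named cID, and an in-memory SQLite database (pdo_sqlite) stands in for MySQL so the block runs offline.

```php
<?php
// Added example, not the poster's code. Assumed schema: integer pID and cID.
// SQLite in memory stands in for MySQL so the block runs offline.

/** Return a positive integer ID from request data, or null if missing or malformed. */
function postedId(array $post, string $key): ?int
{
    $id = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Insert one comment; returns false when the request is rejected. */
function addComment(PDO $pdo, array $post): bool
{
    $pID  = postedId($post, 'pID');
    $cID  = postedId($post, 'cID');   // hypothetical second hidden field
    $raw  = $post['addComment'] ?? null;
    $info = is_string($raw) ? trim($raw) : '';
    if ($pID === null || $cID === null || $info === '') {
        return false;                 // reject rather than store empty or NULL values
    }
    // Hidden fields are client-controlled, so confirm the professor row exists.
    $chk = $pdo->prepare('SELECT 1 FROM Professor WHERE pID = ?');
    $chk->execute([$pID]);
    if ($chk->fetchColumn() === false) {
        return false;
    }
    // One statement per prepare(); bound values need no manual escaping.
    $ins = $pdo->prepare('INSERT INTO Comment (info, pID, cID) VALUES (?, ?, ?)');
    return $ins->execute([$info, $pID, $cID]);
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Professor (pID INTEGER PRIMARY KEY)');
$pdo->exec('CREATE TABLE Comment (info TEXT, pID INTEGER, cID INTEGER)');
$pdo->exec('INSERT INTO Professor (pID) VALUES (7)');
// Constructed requests: well-formed, empty pID, non-integer pID, unknown pID.
$requests = [
    ['addComment' => 'Great lectures', 'pID' => '7', 'cID' => '3'],
    ['addComment' => 'x', 'pID' => '',  'cID' => '3'],
    ['addComment' => 'x', 'pID' => '7 OR 1=1', 'cID' => '3'],
    ['addComment' => 'x', 'pID' => '99', 'cID' => '3'],
];
foreach ($requests as $r) {
    var_dump(addComment($pdo, $r));
}
```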