I am trying to make a form submit and either add or update based on the machine column being original. When I run the if else I can get it to run the if to add but to make it update the db it will not work. $db is a set variable for my project so that would not be the issue if anyone is confused about that. Now on the other hand I am not sure I wrote the code correctly so I have included it below. Any help is appreciated thanks.
I have tried searching multiple forums for a solution which I can not find. Tried piecing together from what I thought would work it did not.
if (!empty($_POST)) {
$machine = Input::get('machine');
$pull = Input::get('pull');
$pull1 = Input::get('pull1');
$labor = Input::get('labor');
$check = $db->query("SELECT * FROM machinerates WHERE machine = ?", [$machine])->count();
$update = $db->update("UPDATE machine SET machine = $machine, pull = $pull, pull1 = $pull1, labor = $labor WHERE machine = $machine");
if ($check < 1) {
processForm();
} else {
$db->update("UPDATE machine SET machine = $machine, pull = $pull, pull1 = $pull1, labor = $labor WHERE machine = $machine");
}
}
Expect it to add or update table based on if machine new or existing. It will add just fine but when it goes to the else it fails giving this error
Fatal error: Uncaught ArgumentCountError: Too few arguments to function DB::update(), 1 passed in C:\xampp\htdocs\erp\machinesettings.php on line 33 and exactly 3 expected in C:\xampp\htdocs\erp\users\classes\DB.php:260 Stack trace: #0 C:\xampp\htdocs\erp\machinesettings.php(33): DB->update('UPDATE machine ...') #1 {main} thrown in C:\xampp\htdocs\erp\users\classes\DB.php on line 260
Looks like the error is being thrown from DB.php. In the execution of the update function. From the error message, it looks like the function is looking for more than one argument.
The code shown (from machinesettings.php) appears to be passing a single argument, a string containing what appears to be SQL text.
The code pattern appears to be vulnerable to SQL Injection.
We're not seeing code for the update function (in DB.php), but if that's part of a decent library or framework, we're expecting it to be able to use prepared statements with bind placeholders.
Using positional place holders, the SQL text would be something like this:
UPDATE machine SET pull = ?, pull1 = ? , labor = ? WHERE machine = ?
As another argument, we would pass an array of bind values. This is similar to the pattern we see for the call to to query function, passing two arguments: a string containing the SQL text, and as a second argument an array of bind values.
Without seeing the code in C:\xampp\htdocs\erp\users\classes\DB.php we're flying blind, generating errors, and just guessing what the update function is expecting.
On an entirely different note... if we are expecting the code to "add a [row to] a table", we would typically expect a SQL INSERT statement.