-1

Only recently started using mysql so I'm slowly getting to grips with it, but trying to use PHP prepared statements for a webform, and upon submitting the webform, it's just displaying the php code. Any suggestions?

Thanks

<?php

$link = mysqli_connect("localhost", "root", "", "contactform");

if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}

$sql = "INSERT INTO contactform (firstname, surname, address1, address2, 
towncity, county, postcode) VALUES (?,?,?,?,?,?,?)";

if($stmt = mysqli_prepare($link, $sql)){
mysqli_stmt_bind_param($stmt, "sssssss", $firstname, $surname, $address1, 
$address2, $towncity, $county, $postcode);

$firstname = $_REQUEST['firstname'];
$surname = $_REQUEST['surname'];
$address1 = $_REQUEST['address1'];
$address2 = $_REQUEST['address2'];
$towncity = $_REQUEST['towncity'];
$county = $_REQUEST['county'];
$postcode = $_REQUEST['postcode'];


if(mysqli_stmt_execute($stmt)){
    echo "Records inserted successfully.";
} else{
    echo "ERROR: Could not execute query: $sql. " . mysqli_error($link);
}
} else{
echo "ERROR: Could not prepare query: $sql. " . mysqli_error($link);
}

mysqli_stmt_close($stmt);

mysqli_close($link);
?>
Improve this question
4
  • So it's displaying the source code? Commented Mar 5, 2018 at 9:42
  • Hi Simon, Yeah thats right. I had it working fine before using prepared statements. Commented Mar 5, 2018 at 9:43
  • 2
    The only reasons I can think of for it showing the PHP source, is a dodgy opening tag, or your webserver isn't set up properly. Commented Mar 5, 2018 at 9:44
  • You should remove this question as there does not seem to be a reproducible problem with the code. Or is there? Then you should post a real answer. Commented Mar 5, 2018 at 9:50

1 Answer 1

Reset to default
0

using eval( $text ); will execute your string as PHP code. is that what you are looking for ?

PHP eval() function

Caution The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.