On submission, this is my code:
if(isset($_POST['send_money'])) {
$date = explode("/",date('d/m/Y/h/i/s'));
list($day,$month,$year,$hour,$min,$sec) = $date;
$transaction_id = 'GMT'. $year .'.'.$day.$month.'.'.$hour . $min.$sec;
$amount = mysqli_real_escape_string($conn, $_POST['amount']);
$sender = mysqli_real_escape_string($conn, $_POST['sender']);
$receiver = mysqli_real_escape_string($conn, $_POST['receiver']);
$collected = FALSE; // Boolean data type in database
$approved = FALSE; // Boolean data type in database
$stmt = $conn->prepare("INSERT INTO transactions (transaction_id, date_of_transaction, amount,sender, receiver, collected, approved)
VALUES(?,now(), ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sdssss", $transaction_id, $amount, $sender, $receiver $collected, $approved);
$query = $stmt->execute();
if($query){
array_push($errors, "<h4 class='text-success text-center'>Transaction completed successfully</h4><hr/>");
}else{
array_push($errors, "<h4 class='text-danger text-center'>Couldn't complete transaction</h4><hr/>");
}
}
The query cannot send the data to the database and can you assist in;
- Inserting DATETIME using MySQLi parameter binding
- Inserting BOOLEAN using MySQLi parameter binding
$amountshould not be a float/double. Money should be stored using DECIMAL type and used as a string in PHP/mysqlistring s??mysqli_real_escape_stringshould not be used with prepared statement. This will damage your data.