Error in this PHP file:
<?php // Insert Comments into Database that user provides
//Get values of fields entered
$comment = $_POST['addComment'];
$pID4 = filter_var( $_POST['pID'], FILTER_SANITIZE_STRING );
$cID = $_POST['prefix'] . $_POST['code'];
require_once('inc/dbc1.php');
$pdo4 = new PDO('mysql:host=###;dbname=####', $username, $password);
$pdo4->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
/* Error on this line --> */ $sth4 = $pdo4->prepare('INSERT INTO Comment (info, pID, cID) VALUES('$comment',?,?);');
$sth4->execute(array($comment, $pID4, $cID));
?>
ERROR: syntax error, unexpected T_VARIABLE
From what I can see, the info field is required (i.e. cannot be null) but I can't see where you are setting the $info variable to pass into the prepared statement.
Try restarting mysql in debug mode, which should allow you to get the exact query being run - you can then see if it's a MySQL problem or a PHP problem.
You're not outputting your pID into your form, because of malformed string output:
echo "<option>".$row3['prefix']." ".$row3['code']."</option>"; }
echo "</select>
<input type='text' id='addComment' name='addComment' tabindex='3' value='Enter comment' />
<input type='hidden' name='pID' value='<?php echo $pID4; ?>'>
^^^^^^^^^^^^^^^^^^^^^ here
</form>";
At the point I've indicated, you're still within the double-quoted string for the 'echo' command, so that PHP never gets executed, as it's within the string. What you'll end up with is an HTML tag that looks like
...<input type='hidden' name='pID' value='<?php echo 1234;?>'>...
in the browser, which is not what you want.
You really need to either "break out" of PHP mode, or use HEREDOCs. Either will let you output multi-line text chunks without having to jump through hoops with mixing quoting styles, and also let any decent syntax-highlighting editor catch errors such as this.
$pdo4->prepare('INSERT INTO Comment (info, pID, cID) VALUES('.$comment.',?,?);');
That's wrong. Use this:
$pdo4->prepare('INSERT INTO Comment (info, pID, cID) VALUES(?,?,?);');
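An added example, not part of the original thread, that runs the concatenated statement and the three-placeholder statement side by side on a comment containing an apostrophe. It assumes an in-memory SQLite database in place of the page's MySQL server; the table definition, the input values and the function names `insertConcatenated` and `insertBound` are constructed for illustration.

```php
<?php
// Constructed setup: in-memory SQLite stands in for the page's MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Comment (info TEXT NOT NULL, pID TEXT NOT NULL, cID TEXT NOT NULL)');

// Constructed stand-ins for $_POST['addComment'], $_POST['pID'] and prefix . code.
$comment = "It's a great course";
$pID     = '1234';
$cID     = 'CS' . '101';

// Concatenated form: the user's text becomes part of the SQL statement itself,
// so a single apostrophe in the comment changes how the statement parses.
function insertConcatenated(PDO $pdo, string $comment, string $pID, string $cID): bool
{
    try {
        $sql = "INSERT INTO Comment (info, pID, cID) VALUES('" . $comment . "',?,?);";
        $sth = $pdo->prepare($sql);
        return $sth->execute(array($pID, $cID));
    } catch (PDOException $e) {
        echo 'concatenated insert failed: ', $e->getMessage(), PHP_EOL;
        return false;
    }
}

// Bound form: three placeholders, three values. The statement text is fixed
// and the comment is passed to the driver as data, never parsed as SQL.
function insertBound(PDO $pdo, string $comment, string $pID, string $cID): bool
{
    $sth = $pdo->prepare('INSERT INTO Comment (info, pID, cID) VALUES(?,?,?);');
    return $sth->execute(array($comment, $pID, $cID));
}

$concatOk = insertConcatenated($pdo, $comment, $pID, $cID);
$boundOk  = insertBound($pdo, $comment, $pID, $cID);

echo 'concatenated ok: ', var_export($concatOk, true), PHP_EOL;
echo 'bound ok: ', var_export($boundOk, true), PHP_EOL;

// Show what was actually stored by the insert that succeeded.
foreach ($pdo->query('SELECT info, pID, cID FROM Comment') as $row) {
    echo 'stored: ', $row['info'], ' | ', $row['pID'], ' | ', $row['cID'], PHP_EOL;
}
```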