0

So far I have got the code below, which works lovely when trying an update, delete or select statement. However, I run into problems when I try to use an insert. If someone could point me in the correct direction I would be grateful.

private function escape($value)
{
    if(get_magic_quotes_gpc())
        $value = stripslashes($value);
    return mysql_real_escape_string($value, $this->dbConn);
}

/**
 * Handles connection to the database.
 * Die functions are used to catch any errors.
 */
public function connect($dbHost, $dbName, $dbUser, $dbPass)
{
    $this->dbConn = mysql_connect(
        $dbHost,
        $dbUser,
        $dbPass
    ) or die(mysql_error());
    mysql_select_db($dbName, $this->dbConn) or die(mysql_error());
}

/**
 * Loads a raw SQL string into the object $dbSql variable
 */
public function prep($sql)
{
    $this->dbSql = $sql;
}

/**
 * Load bound hooks and values into object variable
 */
public function bind($hook, $value)
{
    $this->dbBind[$hook] = $this->escape($value);

}

/**
 * Runs the SQL string in $dbSql object variable
 */
public function run()
{
    $sql = $this->dbSql;
    if(is_array($this->dbBind))
        foreach($this->dbBind as $hook => $value)
            $sql = str_replace($hook, "'" . $value . "'", $sql);  
    $this->dbQuery = mysql_query($sql) or die(mysql_error());
    $this->dbBind = array();
    return $this->numRows();
}


// Load SQL statement into object
$MyDB->prep("INSERT INTO `demo` (`id`, `name`, `score`, `dept`, `date`) VALUES '1','James Kablammo', '1205550', 'Marketing', '$date'");
// Bind a value to our :id hook
// Produces: SELECT * FROM demo_table WHERE id = '23'
$MyDB->bind(':id',1);

// Run the query
$MyDB->run();
1
  • 1
    /me works out more what your code does and screams in agony. Commented Nov 25, 2008 at 11:20

2 Answers 2

4

It may help to start with using valid insert statements.

VALUES ( a , b , c )

Not

VALUES a, b , c 

Additionally, why the dickens are you combining a prepared insert with string substitution?

You mean

$q->prep("blah blah blah VALUES ( :date , etc etc ) " );
$q->bind(":date", $date );

or something along those lines. Using both techniques is just nonsensical.

2 Comments

In all honesty I am so new to OO PHP that it hurts! Thanks for the help!
You may want to check out the docs on PDO. You're reimplementing by hand existing functionality otherwise.
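An added example, not part of the original thread or the asker's class: the question's INSERT written with PDO prepared statements, as the comment above suggests. It assumes an in-memory SQLite database and a constructed `demo` table so it runs without a MySQL server; with MySQL only the DSN and credentials change.

```php
<?php
// Added example: the question's INSERT using PDO prepared statements.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema mirroring the column names in the question.
$pdo->exec('CREATE TABLE demo (
    id    INTEGER PRIMARY KEY,
    name  TEXT,
    score INTEGER,
    dept  TEXT,
    date  TEXT
)');

// VALUES takes a parenthesised list, and every value is a placeholder:
// nothing is interpolated into the SQL string.
$insert = $pdo->prepare(
    'INSERT INTO demo (id, name, score, dept, date)
     VALUES (:id, :name, :score, :dept, :date)'
);

// Constructed sample rows. The second name contains a quote and text that
// looks like a placeholder. The question's str_replace() loop would rewrite
// that ":dept" when it later substitutes the :dept hook; a bound parameter
// is stored as plain data.
$rows = [
    [1, 'James Kablammo', 1205550, 'Marketing', date('Y-m-d')],
    [2, "O'Brien :dept",  42,      'Sales',     date('Y-m-d')],
];

foreach ($rows as [$id, $name, $score, $dept, $date]) {
    $insert->bindValue(':id', $id, PDO::PARAM_INT);
    $insert->bindValue(':name', $name, PDO::PARAM_STR);
    $insert->bindValue(':score', $score, PDO::PARAM_INT);
    $insert->bindValue(':dept', $dept, PDO::PARAM_STR);
    $insert->bindValue(':date', $date, PDO::PARAM_STR);
    $insert->execute();
}

// Read the rows back, again with a bound parameter.
$select = $pdo->prepare('SELECT id, name, dept FROM demo WHERE id >= :min ORDER BY id');
$select->execute([':min' => 1]);
foreach ($select->fetchAll(PDO::FETCH_ASSOC) as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['name'], $row['dept']);
}
```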
1

You should probably wrap the values() in parens too, like:

$MyDB->prep("INSERT INTO `demo` (`id`, `name`, `score`, `dept`, `date`) VALUES ('1','James Kablammo', '1205550', 'Marketing', '$date')");
