Jump to content
Sign in to follow this  
Michael_Baxter

inser_id() { not inserting for me says wrong integer

Recommended Posts

Hi I have been working on my OOP and have put together some class files to aid my test application ( photo album )

on the upload page I have the browse box,

a caption text box and an upload button this page posts to self,

Once you click on upload it is also supposed to insert a database entry to allow tracking of the file's attributes,

once I click the upload button I get this error message back,

" Database Query Failed: Incorrect integer  value ' ' for column 'id' at row 1 "

 so I have re looked over my codes in regards to uploading files and just can not seem to put my mouse on the spot that's causing me an issue so here is the codes that matter to the file uploads...

 

this one is from my database.php class file,

 public function insert_id() {
    // get the last id inserted over the current db connection
    return mysql_insert_id($this->connection);
  }

and this one is one comes from my photograph class file,

	
	public function create() {
		global $database;
		$attributes = $this->sanitized_attributes();
	  $sql = "INSERT INTO ".self::$table_name." (";
		$sql .= join(", ", array_keys($attributes));
	  $sql .= ") VALUES ('";
		$sql .= join("', '", array_values($attributes));
		$sql .= "')";
	  if($database->query($sql)) {
	    $this->id = $database->insert_id();
	    return true;
	  } else {
	    return false;
	  }
	}

Looking at my error and the information in those functions I can guess that's where the issue is coming from just don't get why any ideas please?

Share this post


Link to post
Share on other sites

Not even going to try and decipher your code. If you're doing an INSERT you have no need to know what the last insert id is.

Edited by benanamen

Share this post


Link to post
Share on other sites

The ID is being included in $attributes but doesn't have a valid value. Don't include it. Or if you must, set it to null.

Share this post


Link to post
Share on other sites

yes I had a feeling after I was looking over the codes after I made this post that was going to be the case just was tired and my eyes hurt after staring at the screen so simply wanted to ask others advice

Share this post


Link to post
Share on other sites

You should construct dynamic queries with prepared statements. Not only does this solve a lot of security vulnerabilities. It would also fix your current problem without any extra checks, because if $attributes['id'] is null, a prepared statement maps that to an SQL NULL, which is a perfectly valid value for an auto-incremented integer column.

 

Your code, on the other hand, wraps all values in quotes, so you end up trying to insert an empty string into an integer column.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  



×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.