Michael_Baxter Posted January 8, 2017 Share Posted January 8, 2017 Hi I have been working on my OOP and have put together some class files to aid my test application ( photo album ) on the upload page I have the browse box, a caption text box and an upload button this page posts to self, Once you click on upload it is also supposed to insert a database entry to allow tracking of the file's attributes, once I click the upload button I get this error message back, " Database Query Failed: Incorrect integer value ' ' for column 'id' at row 1 " so I have re looked over my codes in regards to uploading files and just can not seem to put my mouse on the spot that's causing me an issue so here is the codes that matter to the file uploads... this one is from my database.php class file, public function insert_id() { // get the last id inserted over the current db connection return mysql_insert_id($this->connection); } and this one is one comes from my photograph class file, public function create() { global $database; $attributes = $this->sanitized_attributes(); $sql = "INSERT INTO ".self::$table_name." ("; $sql .= join(", ", array_keys($attributes)); $sql .= ") VALUES ('"; $sql .= join("', '", array_values($attributes)); $sql .= "')"; if($database->query($sql)) { $this->id = $database->insert_id(); return true; } else { return false; } } Looking at my error and the information in those functions I can guess that's where the issue is coming from just don't get why any ideas please? Quote Link to comment Share on other sites More sharing options...
benanamen Posted January 8, 2017 Share Posted January 8, 2017 (edited) Not even going to try and decipher your code. If you're doing an INSERT you have no need to know what the last insert id is. Edited January 8, 2017 by benanamen Quote Link to comment Share on other sites More sharing options...
requinix Posted January 9, 2017 Share Posted January 9, 2017 The ID is being included in $attributes but doesn't have a valid value. Don't include it. Or if you must, set it to null. Quote Link to comment Share on other sites More sharing options...
Michael_Baxter Posted January 9, 2017 Author Share Posted January 9, 2017 yes I had a feeling after I was looking over the codes after I made this post that was going to be the case just was tired and my eyes hurt after staring at the screen so simply wanted to ask others advice Quote Link to comment Share on other sites More sharing options...
Solution Jacques1 Posted January 9, 2017 Solution Share Posted January 9, 2017 You should construct dynamic queries with prepared statements. Not only does this solve a lot of security vulnerabilities. It would also fix your current problem without any extra checks, because if $attributes['id'] is null, a prepared statement maps that to an SQL NULL, which is a perfectly valid value for an auto-incremented integer column. Your code, on the other hand, wraps all values in quotes, so you end up trying to insert an empty string into an integer column. Quote Link to comment Share on other sites More sharing options...
Michael_Baxter Posted January 9, 2017 Author Share Posted January 9, 2017 ok thanks Jaques1 that makes sense. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.