Jump to content

inser_id() { not inserting for me says wrong integer


Michael_Baxter
Go to solution Solved by Jacques1,

Recommended Posts

Hi I have been working on my OOP and have put together some class files to aid my test application ( photo album )

on the upload page I have the browse box,

a caption text box and an upload button this page posts to self,

Once you click on upload it is also supposed to insert a database entry to allow tracking of the file's attributes,

once I click the upload button I get this error message back,

" Database Query Failed: Incorrect integer  value ' ' for column 'id' at row 1 "

 so I have re looked over my codes in regards to uploading files and just can not seem to put my mouse on the spot that's causing me an issue so here is the codes that matter to the file uploads...

 

this one is from my database.php class file,

 public function insert_id() {
    // get the last id inserted over the current db connection
    return mysql_insert_id($this->connection);
  }

and this one is one comes from my photograph class file,

	
	public function create() {
		global $database;
		$attributes = $this->sanitized_attributes();
	  $sql = "INSERT INTO ".self::$table_name." (";
		$sql .= join(", ", array_keys($attributes));
	  $sql .= ") VALUES ('";
		$sql .= join("', '", array_values($attributes));
		$sql .= "')";
	  if($database->query($sql)) {
	    $this->id = $database->insert_id();
	    return true;
	  } else {
	    return false;
	  }
	}

Looking at my error and the information in those functions I can guess that's where the issue is coming from just don't get why any ideas please?

Link to comment
Share on other sites

  • Solution

You should construct dynamic queries with prepared statements. Not only does this solve a lot of security vulnerabilities. It would also fix your current problem without any extra checks, because if $attributes['id'] is null, a prepared statement maps that to an SQL NULL, which is a perfectly valid value for an auto-incremented integer column.

 

Your code, on the other hand, wraps all values in quotes, so you end up trying to insert an empty string into an integer column.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.