-2

I have this code:

$vid_length = gmdate("H:i:s", $ytarr['length_seconds']);

$query = $conn->prepare("INSERT INTO videos (owner_id, video_url, vid_length, thumbnail_url, title) VALUES (:owner_id, :video_url :vid_length, :thumbnail_url, :title) ");
$query->execute(array(
    ':owner_id' => $_POST['owner_id'],
    ':video_url' => $youtube_link,
    ':vid_length' => $vid_length,
    ':thumbnail_url' => (string) $ytarr['thumbnail_url'],
    ':title' => (string) $ytarr['title']
));

If I remove the code related to vid_length, the other values get stored fine. With vid_length in however, the query doesn't work.

I tried making the vid_length column time, datetime and also varchar/text while casting (string) to $vid_length.

Any suggestions to make this work?

Ps: $vid_length becomes of format 00:02:39 (after converting the seconds) $ytarr['length_seconds'] is a number (ie 264s seconds)

Dan P.
  • 1,707
  • 4
  • 29
  • 57

2 Answers2

0

You could try SEC_TO_TIME(seconds) in the query to perform the conversion .

Also you missed a coma between :video_url and :vid_length

VALUES (:owner_id, :video_url :vid_length, :thumbnail_url, :title)

Probably something like this should help :

/*
$vid_length = gmdate("H:i:s", $ytarr['length_seconds']);
*/
$query = "
    INSERT INTO videos
            (owner_id,  video_url,              vid_length,       thumbnail_url,  title)
    VALUES (:owner_id, :video_url, SEC_TO_TIME(:length_seconds), :thumbnail_url, :title)";

$query = $conn->prepare( $query );
$query->execute(array(
        ':owner_id' => $_POST['owner_id'],
        ':video_url' => $youtube_link,
        ':length_seconds' => $ytarr['length_seconds'],
        ':thumbnail_url' => (string) $ytarr['thumbnail_url'],
        ':title' => (string) $ytarr['title']
));
Uours
  • 2,517
  • 1
  • 16
  • 21
  • Thanks--the comma was indeed the error. I got to know about it when I finally started displaying errors. – Dan P. Oct 07 '13 at 09:17
-1

I would Just Insert It Into Your Database Directly By Making Variables For Each Value Being Sent To The Database (vid_length VARCHAR(255) NOT NULL)

$vid_length = gmdate("H:i:s",$ytarr['length_seconds']);
$owner_id = $_POST['owner_id'];
$thumbnail_url = (string) $ytarr['thumbnail_url'];
$title = (string) $ytarr['title'];

$query = $conn->prepare("INSERT INTO videos (owner_id, video_url, vid_length, thumbnail_url, title)
VALUES (:owner_id, :video_url, :vid_length, :thumbnail_url, :title) ");

$query->execute(array(
    ':owner_id' => $owner_id,
    ':video_url' => $youtube_link,
    ':vid_length' => $vid_length,
    ':thumbnail_url' => $thumbnail_url,
    ':title' => $title

));
Dev_x7xClownx7x
  • 42
  • 3
  • 1
    The OP is using a modern library and protecting himself from SQL injection. Suggesting switching to a deprecated library and writing insecure code is terrible advice. – Álvaro González Oct 07 '13 at 08:01
  • true i was using an example of from what was given – Dev_x7xClownx7x Oct 07 '13 at 08:37
  • UPDATE: Would That Work Or Would That Still Be Insecure? – Dev_x7xClownx7x Oct 07 '13 at 08:45
  • Please have a look at [How can I prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). There's no need to waste time writing homegrown solutions. Furthermore, yours *alters* the data being submitted. And, of course, vulnerabilities found in the legacy mysql extension are not going to get fixed. – Álvaro González Oct 07 '13 at 09:04
  • Thanks--that's actually what I am using right now too (I'm just not passing vars to other vars). – Dan P. Oct 07 '13 at 09:29