0
public function create() {
    global $database;

    $attributes = $this->sanitized_attributes();
    $sql = "INSERT INTO ".self::$table_name." (";
    $sql .= join(", ", array_keys($attributes));
    $sql .= ") VALUES ('";
    $sql .= join("', '", array_values($attributes));
    $sql .= "')";

    if($database->query($sql)) {
        $this->id = $database->insert_id();
        return true;
    } else {
        return false;
    }
}

I can't seem to get this function to work. What I want to do is get the data from the form, clean it, add my description (from _POST) and title (from _POST as well), and write it to a table. Or, if there is a better way of getting data from a form (in my case, an image gallery), how do I write the SQL statement? I have also tried this:

$sql ='INSERT INTO photographgallery '.' (filename,type,size,description,title)';
  $sql .='VALUES (\''.$filename.'\', \''.$type.'\',\''.$size.'\',\''.$description.'\',\''.$title.'\')'; 

which didn't work for me. HELP

ipkiss
  • If the query is failing, get the error message from the database and look at it - it'll tell you exactly why it's going wrong. – andrewsi Mar 31 '16 at 18:04
  • Echo out the query that the script builds then you will know what is wrong, then you can fix it – RiggsFolly Mar 31 '16 at 18:08
  • For example, if I hard-coded it like this, `$sql = $sql = "INSERT INTO ".self::$table_name." ("; $sql .="filename,type,size,description,title) VALUES ('"; $sql .= ","; $sql .= "flower','jpg','12','beautiful flower','blue flower')";` it works; I just don't know how to pass the variables. – ipkiss Mar 31 '16 at 18:10
  • So add an `echo $sql;` after you build `$sql` and look at that or show us – RiggsFolly Mar 31 '16 at 18:19
  • Thank you so much, that is what I needed. Once I echoed the $sql, I found out what was wrong: I was sending empty values. – ipkiss Mar 31 '16 at 18:50

2 Answers

1

You do seem to want to make your life difficult. This

$sql ='INSERT INTO photographgallery '.' (filename,type,size,description,title)';
$sql .='VALUES (\''.$filename.'\', \''.$type.'\',\''.$size.'\',\''.$description.'\',\''.$title.'\')';

Can be written much more simply as this:

$sql = "INSERT INTO photographgallery 
                  (filename,type,size,description,title)
        VALUES ('$filename', '$type', '$size', '$description', '$title')"; 

Like this, it is so much simpler to see any errors in the syntax.

Using this syntax does leave you open to SQL injection, and you should use parameterized queries to avoid that.

RiggsFolly
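
The parameterized form recommended in the answer above, as an added example that is not part of the original question or answers. It assumes PDO, with an in-memory SQLite database standing in for the real one, and a hypothetical `insert_photo()` helper; the table and column names are the ones from the question. It also rejects empty fields, the cause the asker found in the comments.

```php
<?php
// Added example, not code from the question or answers. Table and column names
// come from the page; PDO, the SQLite demo and insert_photo() are assumptions.
declare(strict_types=1);

const PHOTO_COLUMNS = ['filename', 'type', 'size', 'description', 'title'];

function insert_photo(PDO $pdo, array $input): int
{
    $row = [];
    foreach (PHOTO_COLUMNS as $col) {
        // Column names are fixed in code; only the values come from the form.
        $value = trim((string)($input[$col] ?? ''));
        if ($value === '') {
            // The cause found in the comments: empty values reaching the INSERT.
            throw new InvalidArgumentException("Missing value for '$col'");
        }
        $row[$col] = $value;
    }
    $sql = sprintf(
        'INSERT INTO photographgallery (%s) VALUES (%s)',
        implode(', ', PHOTO_COLUMNS),
        implode(', ', array_map(fn($c) => ":$c", PHOTO_COLUMNS))
    );
    $stmt = $pdo->prepare($sql);   // placeholders only; values are bound below
    $stmt->execute($row);
    return (int)$pdo->lastInsertId();
}

// Constructed demo: an in-memory SQLite database stands in for the real one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE photographgallery (id INTEGER PRIMARY KEY,
    filename TEXT, type TEXT, size INTEGER, description TEXT, title TEXT)');

// Constructed form data; the apostrophe would break the concatenated query.
$post = ['filename' => 'flower.jpg', 'type' => 'jpg', 'size' => '12',
         'description' => 'beautiful flower', 'title' => "O'Keeffe's blue flower"];
$id = insert_photo($pdo, $post);
$check = $pdo->prepare('SELECT title FROM photographgallery WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetchColumn() === $post['title']);

try {
    insert_photo($pdo, ['filename' => 'a.jpg', 'title' => '']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Column names cannot be bound as parameters, which is why they come from a fixed list in code rather than from the keys of the submitted form.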
0

Change your code to this so you get back any errors in your MySQL code and the query itself:

public function create() {
    global $database;

    $attributes = $this->sanitized_attributes();
    $sql = "INSERT INTO ".self::$table_name." (";
    $sql .= join(", ", array_keys($attributes));
    $sql .= ") VALUES ('";
    $sql .= join("', '", array_values($attributes));
    $sql .= "')";

    if($database->query($sql)) {
        $this->id = $database->insert_id();
        return true;
    } else {
        echo $database->error;
        echo PHP_EOL;
        echo $sql;
        return false;
    }
}

This should provide you with valuable insight and probably have you able to fix the problem yourself; otherwise you can post the results here.

Jester