CODEWITHSUNDEEP
phppdo
Johnny000
Johnny000

Reputation: 2104

PDO insert issue

I've created a new function with PDO to insert data in my database.

The function looks like this

    function insert($table,$column = array(),$value = array())
{
    $array1 = implode(",", $column);
    $array2 = implode(",", $value);

    try 
    { 
        $sql = $this->connect->query("INSERT INTO $table ($array1) VALUES ($array2)");  


    }  
    catch(PDOException $e) 
    {  
        echo $e->getMessage();  
    }  
}

and the call for the function like this

-> insert('coupons',array('categorie','name','link','code','id'),array('test11','test','test','test','NULL'));

but after all, it seems not to work and isn't showing any error. Do someone have a few points for me, where I should search the mistake? When I write the query /wo the varibales and call the function, it works. Even with the first two variables it works. Only the last one ($array2) seems to have a "bug".

Upvotes: 0

Views: 56

Answers (1)

Marc B
Marc B

Reputation: 360562

You're inserting strings, which means your query comes out

INSERT INTO coupons (categorie, name, ...) VALUES (test11, test, ...)

bare strings are interpreted as field/table names, meaning your query is completely invalid.

At bare minimum, ignoring all the other problems with this code, the fix would be

$array2 = implode("','", $value);
                   ^-^---

INSERT INTO $table ($array) VALUES ('$array2');
                                    ^--     ^--

of course, this is ignoring the sql injection vulnerabilities, keyword problems, blah blah blah.

Upvotes: 1

Related Questions