CODEWITHSUNDEEP
phpmysqloop
Drew
Drew

Reputation: 3234

Object Oriented MySQL Statements, PHP

So far i have got the code below which works lovely when trying an update, delete or select statement. However I run into problems when I try to use an insert. If someone could point me in the correct direction i would be grateful.

private function escape($value)
{
    if(get_magic_quotes_gpc())
        $value = stripslashes($value);
    return mysql_real_escape_string($value, $this->dbConn);
}

/**
 * Handles connection to the database.
 * Die functions are used to catch any errors.
 */
public function connect($dbHost, $dbName, $dbUser, $dbPass)
{
    $this->dbConn = mysql_connect(
        $dbHost,
        $dbUser,
        $dbPass
    ) or die(mysql_error());
    mysql_select_db($dbName, $this->dbConn) or die(mysql_error());
}

/**
 * Loads a raw SQL string into the object $dbSql variable
 */
public function prep($sql)
{
    $this->dbSql = $sql;
}

/**
 * Load bound hooks and values into object variable
 */
public function bind($hook, $value)
{
    $this->dbBind[$hook] = $this->escape($value);

}

/**
 * Runs the SQL string in $dbSql object variable
 */
public function run()
{
    $sql = $this->dbSql;
    if(is_array($this->dbBind))
        foreach($this->dbBind as $hook => $value)
            $sql = str_replace($hook, "'" . $value . "'", $sql);  
    $this->dbQuery = mysql_query($sql) or die(mysql_error());
    $this->dbBind = array();
    return $this->numRows();
}


    // Load SQL statment into object
$MyDB->prep("INSERT INTO `demo` (`id`, `name`, `score`, `dept`, `date`) VALUES '1','James Kablammo', '1205550', 'Marketing', '$date'");
// Bind a value to our :id hook
// Produces: SELECT * FROM demo_table WHERE id = '23'
$MyDB->bind(':id',1);

// Run the query
$MyDB->run();

Upvotes: 0

Views: 1975

Answers (2)

Tim
Tim

Reputation: 813

You should probably wrap the values() in parens too, like:

$MyDB->prep("INSERT INTO `demo` (`id`, `name`, `score`, `dept`, `date`) VALUES ('1','James Kablammo', '1205550', 'Marketing', '$date'"));

Upvotes: 1

Kent Fredric
Kent Fredric

Reputation: 57354

It may help to start with using valid insert statements. 

VALUES ( a , b , c )

Not 

VALUES a, b , c

Additionally, why the dickens are you combining a perpared insert with string substituion?

you mean

$q->prep("blah blah blah VALUES ( :date , etc etc ) " );
$q->bind(":date", $date );

or something along those lines. using both techniques is just nonsensical.

Upvotes: 4

Related Questions