From: =?UTF-8?Q?Hans_=C3=85hlin?= on
You have forgotten the ending ; in the sql query....
try this
mysql_query("INSERT INTO employes (name,lastname, salary, id, afp,
isss, nit) VALUES ('".$field[0]."',
'".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."');");

**********************************************
Hans Åhlin
Tel: +46761488019
icq: 275232967
http://www.kronan-net.com/
irc://irc.freenode.net:6667 - TheCoin
**********************************************



2010/7/3 Ashley Sheridan <ash(a)ashleysheridan.co.uk>:
> On Fri, 2010-07-02 at 23:19 +0000, Carlos Sura wrote:
>
>> Hello Ash,
>>
>> No, I don't get an error message, the thing is, my post form, isn't working... I can't post those fields in database when I fill them up in the form... But, I really don't know why... Do you want my form code? all the entire class.php code??
>>
>> Thank you for helping me.
>>
>> Carlos Sura.
>>
>>
>>
>>
>>
>>
>> Subject: Re: [PHP] What's wrong in this function? Does not work for me.
>> From: ash(a)ashleysheridan.co.uk
>> To: carlos_sura(a)hotmail.com
>> CC: php-general(a)lists.php.net
>> Date: Sat, 3 Jul 2010 00:08:05 +0100
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Fri, 2010-07-02 at 22:05 +0000, Carlos Sura wrote:
>>
>>
>> Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help??
>>
>> This function is in a class, and I call it in a form, to create a new user..
>>
>>
>>
>>     $objEmploye=new Employe;
>>     if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){
>>         echo 'Saved';
>>     }else{
>>         echo 'Error, try again';
>>     }
>> }else{
>>
>>
>>     function insert($field){
>>         if($this->con->connect()==true){
>>             return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0].."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')");
>>         }
>>     }
>>
>>
>>
>>
>> Thanks.
>>
>> _________________________________________________________________
>> http://clk.atdmt.com/UKM/go/197222280/direct/01/
>> Do you have a story that started on Hotmail? Tell us now
>>
>>
>>
>>
>> I can't see anything wrong with that code excerpt. Are you getting a specific error, and if so, what is the code on and around the line number indicated in that error?
>>
>>
>>
>>
>>
>>
>> Thanks,
>>
>> Ash
>>
>> http://www.ashleysheridan.co.uk
>>
>>
>>
>>
>>
>>
>>
>>
>> _________________________________________________________________
>> http://clk.atdmt.com/UKM/go/197222280/direct/01/
>> We want to hear all your funny, exciting and crazy Hotmail stories. Tell us now
>
>
> Break the code down into very simple parts with echo statements. First,
> I'd echo out the $_POST or $_GET data that you're using to see if the
> values you think are being sent are being sent. Then, move onto the next
> part of code, stepping through with echo statements to output variable
> values to ensure that your data is following the right path. This is one
> of the easiest ways to find a problem I've found, short of using an IDE
> to step through the code.
>
> Also, you could put the code up on something like pastebin and post a
> link to it, which will let people see what the code looks like and
> hopefully figure out where the problem is.
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
>
>
>
From: Ashley Sheridan on
On Sat, 2010-07-03 at 09:01 +0200, Alexandre Simon wrote:

> Hello,
>
> multiple things:
> - escape your values:
> 1. if some of the user input contains '\'' for instance, your query is
> not well formed
> 2. if some evil user want to do anything with your DB, he can do it
> => See mysql_escape_string or PDO prepared statements
> - Use "else" part of the if statement everywhere you can to see where
> the error is. Maybe you can not connect to DB for instance...
>
> Hope you will fix your code..
>
> Le vendredi 02 juillet 2010 à 22:05 +0000, Carlos Sura a écrit :
> >
> > Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help??
> >
> > This function is in a class, and I call it in a form, to create a new user..
> >
> >
> >
> > $objEmploye=new Employe;
> > if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){
> > echo 'Saved';
> > }else{
> > echo 'Error, try again';
> > }
> > }else{
> >
> >
> > function insert($field){
> > if($this->con->connect()==true){
> > return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')");
> > }
> > }
> >
> >
> >
> >
> > Thanks.
> >
> > _________________________________________________________________
> > http://clk.atdmt.com/UKM/go/197222280/direct/01/
> > Do you have a story that started on Hotmail? Tell us now
>
>
>


As the variables aren't using the special global arrays $_POST or $_GET,
there's no indication that the values aren't being sanitised when they
go into the query.

Thanks,
Ash
http://www.ashleysheridan.co.uk


From: Ashley Sheridan on
On Sat, 2010-07-03 at 09:20 +0200, Hans Åhlin wrote:

> You have forgotten the ending ; in the sql query....
> try this
> mysql_query("INSERT INTO employes (name,lastname, salary, id, afp,
> isss, nit) VALUES ('".$field[0]."',
> '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."');");
>
> **********************************************
> Hans Åhlin
> Tel: +46761488019
> icq: 275232967
> http://www.kronan-net.com/
> irc://irc.freenode.net:6667 - TheCoin
> **********************************************
>
>
>
> 2010/7/3 Ashley Sheridan <ash(a)ashleysheridan.co.uk>:
> > On Fri, 2010-07-02 at 23:19 +0000, Carlos Sura wrote:
> >
> >> Hello Ash,
> >>
> >> No, I don't get an error message, the thing is, my post form, isn't working... I can't post those fields in database when I fill them up in the form... But, I really don't know why... Do you want my form code? all the entire class.php code??
> >>
> >> Thank you for helping me.
> >>
> >> Carlos Sura.
> >>
> >>
> >>
> >>
> >>
> >>
> >> Subject: Re: [PHP] What's wrong in this function? Does not work for me..
> >> From: ash(a)ashleysheridan.co.uk
> >> To: carlos_sura(a)hotmail.com
> >> CC: php-general(a)lists.php.net
> >> Date: Sat, 3 Jul 2010 00:08:05 +0100
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> On Fri, 2010-07-02 at 22:05 +0000, Carlos Sura wrote:
> >>
> >>
> >> Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help??
> >>
> >> This function is in a class, and I call it in a form, to create a new user..
> >>
> >>
> >>
> >> $objEmploye=new Employe;
> >> if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){
> >> echo 'Saved';
> >> }else{
> >> echo 'Error, try again';
> >> }
> >> }else{
> >>
> >>
> >> function insert($field){
> >> if($this->con->connect()==true){
> >> return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')");
> >> }
> >> }
> >>
> >>
> >>
> >>
> >> Thanks.
> >>
> >> _________________________________________________________________
> >> http://clk.atdmt.com/UKM/go/197222280/direct/01/
> >> Do you have a story that started on Hotmail? Tell us now
> >>
> >>
> >>
> >>
> >> I can't see anything wrong with that code excerpt. Are you getting a specific error, and if so, what is the code on and around the line number indicated in that error?
> >>
> >>
> >>
> >>
> >>
> >>
> >> Thanks,
> >>
> >> Ash
> >>
> >> http://www.ashleysheridan.co.uk
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> _________________________________________________________________
> >> http://clk.atdmt.com/UKM/go/197222280/direct/01/
> >> We want to hear all your funny, exciting and crazy Hotmail stories. Tell us now
> >
> >
> > Break the code down into very simple parts with echo statements. First,
> > I'd echo out the $_POST or $_GET data that you're using to see if the
> > values you think are being sent are being sent. Then, move onto the next
> > part of code, stepping through with echo statements to output variable
> > values to ensure that your data is following the right path. This is one
> > of the easiest ways to find a problem I've found, short of using an IDE
> > to step through the code.
> >
> > Also, you could put the code up on something like pastebin and post a
> > link to it, which will let people see what the code looks like and
> > hopefully figure out where the problem is.
> >
> > Thanks,
> > Ash
> > http://www.ashleysheridan.co.uk
> >
> >
> >


Semicolons at the end of SQL statements are not required unless you are
issuing multiple SQL statements in one string.

Thanks,
Ash
http://www.ashleysheridan.co.uk


From: =?UTF-8?Q?Hans_=C3=85hlin?= on
Another thing is that I would use != false, so every value but false passes.

$objEmploye=new Employe;
if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit))
== true){
echo 'Saved';
}else{
echo 'Error, try again';
}


**********************************************
Hans Åhlin
Tel: +46761488019
icq: 275232967
http://www.kronan-net.com/
irc://irc.freenode.net:6667 - TheCoin
**********************************************



2010/7/3 Carlos Sura <carlos_sura(a)hotmail.com>:
>
>
> Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help??
>
> This function is in a class, and I call it in a form, to create a new user..
>
>
>
>    $objEmploye=new Employe;
>    if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){
>        echo 'Saved';
>    }else{
>        echo 'Error, try again';
>    }
> }else{
>
>
>    function insert($field){
>        if($this->con->connect()==true){
>            return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')");
>        }
>    }
>
>
>
>
> Thanks.
>
> _________________________________________________________________
> http://clk.atdmt.com/UKM/go/197222280/direct/01/
> Do you have a story that started on Hotmail? Tell us now
From: Ashley Sheridan on
On Sat, 2010-07-03 at 16:11 +0200, Hans Åhlin wrote:

> Another thing is that I would use != false, so every value but false passes.
>
> $objEmploye=new Employe;
> if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit))
> == true){
> echo 'Saved';
> }else{
> echo 'Error, try again';
> }
>
>
> **********************************************
> Hans Åhlin
> Tel: +46761488019
> icq: 275232967
> http://www.kronan-net.com/
> irc://irc.freenode.net:6667 - TheCoin
> **********************************************
>
>
>
> 2010/7/3 Carlos Sura <carlos_sura(a)hotmail.com>:
> >
> >
> > Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help??
> >
> > This function is in a class, and I call it in a form, to create a new user..
> >
> >
> >
> > $objEmploye=new Employe;
> > if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){
> > echo 'Saved';
> > }else{
> > echo 'Error, try again';
> > }
> > }else{
> >
> >
> > function insert($field){
> > if($this->con->connect()==true){
> > return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')");
> > }
> > }
> >
> >
> >
> >
> > Thanks.
> >
> > _________________________________________________________________
> > http://clk.atdmt.com/UKM/go/197222280/direct/01/
> > Do you have a story that started on Hotmail? Tell us now
>


Actually, removing the '== true' part would do that and result in
shorted code. The mysql_query() function returns different values
depending on the query made, but will only ever be one of 3 values:
true, false, or a mysql resource. In this code example, there is no
difference between '== true' and '!= false'.

Thanks,
Ash
http://www.ashleysheridan.co.uk