Problem with insert query

[joakoman]

Hi, i'm developing a module that inserts rows on the db, but the query always returns false and I have no idea why... i've tried everything and it's still not working

 

Here's the function:

 

 

public function getContent()

{

if (Tools::isSubmit('submit'))

{

$title = Tools::getValue("title");

$category = Tools::getValue("category");

if(Tools::getValue("visible") == "on"){ $visible = 1;}else{ $visible = 0; }

$notice = Tools::getValue("newMessage");

$image = Tools::getValue("image");

$db = Db::getInstance();

$sql = 'INSERT INTO `'._DB_PREFIX_.'blog` (`title`, `image`, `category`, `notice`, `visible`) VALUES ('.$title.', '.$image.', '.$category.', '.$notice.', '.$visible.')';

if($db->execute($sql)) echo "good";

else echo "error";

}

 

 

$this->_displayForm();

return $this->_html;

}

 

 

any idea? Thanks in advance!

[Burhan BVK]

Your text fields are not quoted (") and not escaped.

[joakoman]

mm I changed it to :

 

$sql = "INSERT INTO '"._DB_PREFIX_."blog' ('title', 'image', 'category', 'notice', 'visible') VALUES (".$title.", ".$image.", ".$category.", ".$notice.", ".$visible.")";

 

but nothing happens, what do you mean by escaping them? could you correct the sentence for me?

 

Thanks!

[akshik]

Hello Joakoman,

 

you have to put the text(string) data into quotes(either single or double) and integer data without any quotes.

 

So from your query I'm assuming that your title,image,category, notice fields are going to take text data and visible a boolean field

 

Based on this your query can be written in the following way

 

$sql = "INSERT INTO "._DB_PREFIX_."blog (title, image, category, notice, visible) VALUES ('$title', '$image', '$category', '$notice', $visible)";

 

 

Also table fields come without any quotations

Edited December 14, 2012 by akshik (see edit history)