Hello,
multiple things:
- escape your values:
1. if some of the user input contains '\'' for instance, your query is
not well formed
2. if some evil user want to do anything with your DB, he can do it
=> See mysql_escape_string or PDO prepared statements
- Use "else" part of the if statement everywhere you can to see where
the error is. Maybe you can not connect to DB for instance...
Hope you will fix your code..
Le vendredi 02 juillet 2010 à 22:05 +0000, Carlos Sura a écrit :
>
> Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help??
>
> This function is in a class, and I call it in a form, to create a new user..
>
>
>
> $objEmploye=new Employe;
> if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){
> echo 'Saved';
> }else{
> echo 'Error, try again';
> }
> }else{
>
>
> function insert($field){
> if($this->con->connect()==true){
> return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')");
> }
> }
>
>
>
>
> Thanks.
>
> _________________________________________________________________
> http://clk.atdmt.com/UKM/go/197222280/direct/01/
> Do you have a story that started on Hotmail? Tell us now
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
