On 19/05/15 12:39, Christoph Becker wrote:
John Allsopp wrote:
On 19/05/15 08:47, Marcos Almeida Azevedo wrote:
On Tue, May 19, 2015 at 3:45 PM, John Allsopp <john@xxxxxxxxxxxxxxxxx>
wrote:
$sql = "INSERT into BOOKING values (null, $pBOOKING_showtimeId,
$pBOOKING_numberOfVehicles, \"$pBOOKING_nameOfPerson\ .... )";
and when I look at that $sql, it's
INSERT into BOOKING values (null, , 1, "", ...)
So, it's failing because the function
$myShowtimeController->getShowtimeId() returns NULL, but that's not
reflected in the SQL, so my first question is, do I really have to
write:
if ($pBOOKING_showtimeId===null)
{
$sql .= "null, ";
} else
{
$sql .= "$pBOOKING_showtimeId, ";
}
.. and my second question is that none of the string variables are going
to come out NULL either, they'll end up as blank strings.
I'm really just trying to avoid having to write the above fix for all
those variables.
Where am I wrong and why?
It appears that you already understand the problem: NULL has to written
literally, but not as string. Instead of constructing the query
manually, you should consider using prepared statements if these are
supported by your database library. When you bind the concrete values
to the prepared statement, the library takes care of the types (maybe
you have to explicitly specify the type). Prepared statements are
generally recommendable for security reasons, by the way ("SQL Injection").
OK, thanks, I was just hoping for a simpler way. I do need to look into
prepared statements, it does keep coming up :-)
All the best
J
--
-------------------------------------------------------------
John Allsopp, Online marketing, web development & social media
Learn Twitter marketing for the smaller enterprise: http://www.surgemarketing.co.uk/twitterForTheSmallEnterprise.php
http://www.surgemarketing.co.uk
http://www.johnallsopp.co.uk
http://www.amilliontweaks.co.uk
Tel: 01723 376477 / 07762 941921
Twitter: @JohnAllsoppIM
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
