Problem with saving data in the database

1

For some reason it does not save it. $_POST receives it correctly, but in the save function where I execute the SQL it does not, and I do not understand why. The function is this:

function guardar_dominio($input, $conn)
{

    if(isset($input['id']) && $input['id']!=""){

        $sql ="UPDATE dominios SET dominio='".utf8_decode($input['dominio']).
        "', renovacion='".utf8_decode($input['renovacion']).
        "', registrado='".utf8_decode($input['registrado']).
        "', estado= 1".
        ", status= 1".
        " WHERE id=".$input['id'];

        $conn->execute($sql);
    }else{
        var_dump($input);
        $sql = "INSERT INTO dominios (dominio, renovacion, registrado, estado, status) VALUES ('"
        .$input['dominio']."', '"
        .$input['renovacion']."', '"
        .$input['registrado']."', "
        ."1, 1)";

        $conn->execute($sql);

        var_dump($sql);
    }
}

The quality of the code is somewhat old because where I work they do not know how to work with objects, but well, the fact is that I do not understand the reason. I do the var_dump($sql) and the INSERT is correct. Would someone know how to solve it?

    
asked by juank 24.08.2018 at 16:21

2 answers

1

You can only use execute with prepared statements. If you do not want to use prepared statements, use query($query) instead of execute().


Edit: It is always more advisable to do it with a prepared query and the execute method than with a direct query, since the query method is susceptible to SQL injection. The best thing would be to take a look at how to prepare a statement with PHP.

    
answered by 24.08.2018 / 16:30
2

To use execute you have to do a prepare first.

 $sql ="UPDATE dominios SET dominio='".utf8_decode($input['dominio']).
    "', renovacion='".utf8_decode($input['renovacion']).
    "', registrado='".utf8_decode($input['registrado']).
    "', estado= 1".
    ", status= 1".
    " WHERE id=".$input['id'];
 $prepare = $conn->prepare($sql);
 $prepare->execute();

As a tip, because of the injection issue, I would not build the statement directly but would prepare it.

In this case it would be:

 // Values are bound by name instead of being concatenated into the SQL text
 $params = array(
   ':dominio' => utf8_decode($input['dominio']),
   ':renovacion' => utf8_decode($input['renovacion']),
   ':registrado' => utf8_decode($input['registrado']),
   ':id' => $input['id']
 );
 $sql = "UPDATE dominios
            SET dominio = :dominio,
                renovacion = :renovacion,
                registrado = :registrado,
                estado = 1,
                status = 1
          WHERE id = :id";
 $prepare = $conn->prepare($sql);
 $prepare->execute($params);

You can prepare a statement in many ways; this is one of them. And you give more security to the update.

    
answered by 24.08.2018 at 16:33
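
The whole `guardar_dominio` function from the question with both branches parameterized, as an added example that is not part of the question or of either answer. It assumes `$conn` is a PDO handle (the thread does not name the driver) and uses an in-memory SQLite table, with constructed sample input, so it runs offline with the `pdo_sqlite` extension.

```php
<?php
// Added example: assumes $conn is a PDO handle; SQLite in memory stands in for the real database.
$conn = new PDO('sqlite::memory:');
// Make a failed statement throw instead of failing silently.
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE dominios (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    dominio TEXT, renovacion TEXT, registrado TEXT,
    estado INTEGER, status INTEGER)');

function guardar_dominio(array $input, PDO $conn): int
{
    // Values travel as bound parameters, never as part of the SQL text.
    $params = [
        ':dominio'    => $input['dominio'],
        ':renovacion' => $input['renovacion'],
        ':registrado' => $input['registrado'],
    ];

    if (isset($input['id']) && $input['id'] !== '') {
        // Reject anything that is not a positive integer id.
        $id = filter_var($input['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('id must be a positive integer');
        }
        $params[':id'] = $id;
        $sql = 'UPDATE dominios
                   SET dominio = :dominio, renovacion = :renovacion,
                       registrado = :registrado, estado = 1, status = 1
                 WHERE id = :id';
        $conn->prepare($sql)->execute($params);
        return $id;
    }

    $sql = 'INSERT INTO dominios (dominio, renovacion, registrado, estado, status)
            VALUES (:dominio, :renovacion, :registrado, 1, 1)';
    $conn->prepare($sql)->execute($params);
    return (int) $conn->lastInsertId();
}

// Constructed sample input: the quote would break the concatenated query,
// but is stored literally when bound as a parameter.
$id = guardar_dominio(['dominio' => "o'reilly.example", 'renovacion' => '2019-08-24', 'registrado' => '2018-08-24'], $conn);
guardar_dominio(['id' => (string) $id, 'dominio' => 'example.org', 'renovacion' => '2020-08-24', 'registrado' => '2018-08-24'], $conn);
var_dump($conn->query('SELECT * FROM dominios')->fetchAll(PDO::FETCH_ASSOC));
```

`utf8_decode()` is left out here because it is deprecated as of PHP 8.2; setting the character set on the connection is the usual replacement.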