I am stuck with this.
Here is the code:
This is how I call the function,
$res = DataManager::agregarPropiedad($_POST);
here is the function that generate the query and send it,
public static function agregarPropiedad($datos){
$sql = "INSERT INTO propiedades (id_propiedad, nombre, tipopropiedad, descripcion, dormitorios, baños, direccion, localidad, provincia, fecha_alta, sup_cubierta, sup_total)
VALUES (null, '" . $datos['nombre'] . "', '" . $datos['tipo'] . "', '" . $datos['descripcion'] . "', '" . $datos['dormitorios'] . "', '" . $datos['baños'] . "', '" . $datos['direccion'] . "', '" . $datos['localidad'] . "', '" . $datos['provincia'] . "', CURRENT_TIMESTAMP, '" . $datos['supcubierta'] . "', '" . $datos['suptotal'] . "')";
//$sql = "insert into prueba values(null,'".$datos['nombre']."')";
echo $sql;
return DataManager::consulta($sql);
}
When I copy the echo$sql and paste in phpMyAdmin works fine, but when I try to send my function is not inserting anything, but I have no errors. mysql_erros() its empty too.
U can see that, there is a commented $sql. I use that just for test with another table which is much simpler and query the function “consulta” which works fine too.
This is maybe the 40 function that insert things in mysql database, but the first with which I have problems, and I don’t know why =(
helppppp…
From personal experience, MySQL queries that work when dumped / copied / pasted into PhPMyAdmin that don’t work in code are caused by:
It may well be that if you address the second issue the problem might fix itself. In any case at a minimum you should process you POST(ed) data with strip_tags and add_slashes, but for MySQL mysql_real_escape_string() is strongly recommended.
http://php.net/manual/en/function.mysql-real-escape-string.php
http://www.adminsehow.com/2010/03/prevent-mysql-injection-in-php