Home/ Questions/Q 8829707
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T07:53:46+00:00

I’ve created a new function with PDO to insert data in my database. The

  • 0

I’ve created a new function with PDO to insert data in my database.

The function looks like this

    function insert($table,$column = array(),$value = array())
{
    $array1 = implode(",", $column);
    $array2 = implode(",", $value);

    try 
    { 
        $sql = $this->connect->query("INSERT INTO $table ($array1) VALUES ($array2)");  


    }  
    catch(PDOException $e) 
    {  
        echo $e->getMessage();  
    }  
}

and the call for the function like this

-> insert('coupons',array('categorie','name','link','code','id'),array('test11','test','test','test','NULL'));

but after all, it seems not to work and isn’t showing any error. Do someone have a few points for me, where I should search the mistake? When I write the query /wo the varibales and call the function, it works. Even with the first two variables it works. Only the last one ($array2) seems to have a “bug”.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You’re inserting strings, which means your query comes out

    INSERT INTO coupons (categorie, name, ...) VALUES (test11, test, ...)

    bare strings are interpreted as field/table names, meaning your query is completely invalid.

    At bare minimum, ignoring all the other problems with this code, the fix would be

    $array2 = implode("','", $value);
                   ^-^---

INSERT INTO $table ($array) VALUES ('$array2');
                                    ^--     ^--

    of course, this is ignoring the sql injection vulnerabilities, keyword problems, blah blah blah.

    • 0