Thanks for that... date coming in as 0000-00-00 00:00:00 but at least it's writing to the table. I'll work on it a bit and report the fix if I find one.
Thanks
Should I sanitize SELECT and DELETE statements as well using bindVars and placeholders?
Also the problem that I was having above was that the now() should not have been in the bindVars statements but rather in the placeholders statements.
This is what is working now:
Code:
// now() is written directly into the VALUES list; every other value is bound through a placeholder
$sql = "INSERT INTO " . TABLE_ACME_PRODS . " (`acme_products_id`,`acme_products_partno`, `acme_products_orderno`, `acme_manus_id`, `acme_model_id`, `acme_products_years`, `acme_products_type`, `acme_products_catid`, `acme_products_catname`, `acme_products_matid`, `acme_products_matname`, `acme_products_dateAdded`)
VALUES (:products_id, :products_partno, :products_orderno, :products_manuid, :products_modelid, :products_years, :products_typeid, :products_catid, :products_typename, :products_matid, :products_matname, now())";
$sql = $db->bindVars($sql, ':products_id', $buildacmeProductID, 'string');
$sql = $db->bindVars($sql, ':products_partno',$resultProduct->attributes()->partNo, 'string');
$sql = $db->bindVars($sql, ':products_orderno',$resultProduct->attributes()->orderNo, 'string');
$sql = $db->bindVars($sql, ':products_manuid',$resultProduct->Manufacturer->attributes()->id, 'string');
$sql = $db->bindVars($sql, ':products_modelid',$resultProduct->Model->attributes()->id, 'string');
$sql = $db->bindVars($sql, ':products_years',$resultProduct->Years, 'string');
$sql = $db->bindVars($sql, ':products_typeid',$resultProduct->ProductType->attributes()->id, 'string');
$sql = $db->bindVars($sql, ':products_catid',$resultProduct->ProductType->attributes()->categoryID, 'string');
$sql = $db->bindVars($sql, ':products_typename',$resultProduct->ProductType, 'string');
$sql = $db->bindVars($sql, ':products_matid',$resultProduct->Material->attributes()->id, 'string');
$sql = $db->bindVars($sql, ':products_matname',$resultProduct->Material, 'string');
echo "<BR />DEBUG 10 SQL statement = ".$sql;
$db->Execute($sql);
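
Added example, not part of the original post: it shows why a SQL function passed as a bound value is stored as plain text, and how the same placeholder binding applies to the WHERE clause of SELECT and DELETE. It assumes PDO with an in-memory SQLite database as a stand-in for the `$db->bindVars()` wrapper used above; the table, columns and values are constructed.

```php
<?php
// PDO + in-memory SQLite stands in for the $db wrapper in the post (assumption).
// Table name, columns and sample values are constructed for this demo.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE acme_prods (id TEXT, partno TEXT, date_added TEXT)');

// 1) A bound value is always treated as data, never as SQL.
//    Binding a function name stores its text; MySQL in non-strict mode turns
//    such an invalid DATETIME string into 0000-00-00 00:00:00.
$bad = $pdo->prepare('INSERT INTO acme_prods VALUES (:id, :partno, :added)');
$bad->execute([':id' => 'A1', ':partno' => 'P-100', ':added' => 'CURRENT_TIMESTAMP']);

// 2) Keep the SQL function in the statement text and bind only the data.
$good = $pdo->prepare('INSERT INTO acme_prods VALUES (:id, :partno, CURRENT_TIMESTAMP)');
$good->execute([':id' => 'A2', ':partno' => 'P-200']);

foreach ($pdo->query('SELECT id, date_added FROM acme_prods') as $row) {
    echo $row['id'], ' => ', $row['date_added'], PHP_EOL;
}

// 3) SELECT and DELETE take untrusted input in their WHERE clause,
//    so the value is bound there in exactly the same way.
$untrusted = "P-100' OR '1'='1";   // constructed hostile input

$sel = $pdo->prepare('SELECT COUNT(*) FROM acme_prods WHERE partno = :partno');
$sel->execute([':partno' => $untrusted]);
echo 'rows matched by SELECT: ', $sel->fetchColumn(), PHP_EOL;

$del = $pdo->prepare('DELETE FROM acme_prods WHERE partno = :partno');
$del->execute([':partno' => $untrusted]);
echo 'rows deleted: ', $del->rowCount(), PHP_EOL;

// Both rows are still present: the quote characters were compared as data.
$left = $pdo->query('SELECT COUNT(*) FROM acme_prods')->fetchColumn();
echo 'rows remaining: ', $left, PHP_EOL;
```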