Oren wrote: This $var in your real code... What does it contain? I assume some GPC (Get Post Cookie) data, am I right?
Well, yes and no. But the text I've got trouble with yes. So for the sake of simplicity, I'll say yes.
The query is built in a class called service_class which has different properties and a method named "create".
So it goes like this in the actual script:

```php
$new_service = new service_class();

// Take the title from the POST data, falling back to an empty string.
if( isset($_POST['service_title']) ) {
    $new_service->title = $_POST['service_title'];
} else {
    $new_service->title = '';
}

if( $new_service->create() )
{
    // Notify the user that everything went well.
}
else
{
    // Notify the user that something went wrong.
}
```
And the code for the class:

```php
// No parentheses after the class name: "class service_class()" is a PHP syntax error.
class service_class
{
    // PROPERTIES
    public $title;

    // METHODS
    function create()
    {
        // Create a new instance of the DB class "sql_db"
        $db = new sql_db;

        // mysql_real_escape_string() needs an open mysql_* connection; without one
        // it emits a warning and returns FALSE, which concatenates as an empty string.
        // The quotes sit directly against the value so no padding spaces get stored.
        $query = "INSERT INTO " . SERVICE_TABLE . " VALUES ('" . mysql_real_escape_string($this->title) . "')";

        if( !( $db->sql_query($query) ) )
        {
            return FALSE;
        }
        else
        {
            // Confirms that everything went well
            return TRUE;
        }
    }
}
```
PS: I know I don't sanitize my input much; however, currently the script is only used internally. I'll change that once we go live.
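For comparison, here is the same create() method written with a PDO prepared statement, so the title travels as a bound parameter instead of being spliced into the SQL string. This is an added example, not the poster's code; it assumes SERVICE_TABLE names a table with a `title` column and that a PDO connection is available (the DSN and credentials below are placeholders).

```php
<?php
// Added example (not the original poster's code): create() with a bound parameter.
// Assumed: SERVICE_TABLE is a table that has a column named `title`.

class service_class
{
    public $title = '';

    /** @var PDO */
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    public function create()
    {
        // The table name comes from our own constant; the only user-controlled
        // piece is the value, and it is sent separately from the query text.
        // No quotes or padding spaces around the placeholder: the driver does the
        // quoting, so the stored value is exactly $this->title.
        $sql = 'INSERT INTO ' . SERVICE_TABLE . ' (title) VALUES (:title)';
        try {
            $stmt = $this->db->prepare($sql);
            return $stmt->execute(array(':title' => $this->title));
        } catch (PDOException $e) {
            error_log('service_class::create failed: ' . $e->getMessage());
            return false;
        }
    }
}

// Caller, mirroring the script in the post. Placeholder DSN/credentials.
define('SERVICE_TABLE', 'services');
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8', 'DB_USER', 'DB_PASS', array(
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
));

$new_service = new service_class($db);
$new_service->title = isset($_POST['service_title']) ? $_POST['service_title'] : '';

if ($new_service->create()) {
    // Notify the user that everything went well.
} else {
    // Notify the user that something went wrong.
}
```

Because the value never becomes part of the SQL text, this form does not depend on an open mysql_* connection for escaping, and the stored title is byte-for-byte what was submitted.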