rc wrote:
> Mysql_Insert_ID($dbhandle->connection);
>
> gets the last id of the last insert statement -
> if you do any db activity
> after the insert, this won't work.
In other words:
> $res = $dbhandle->query("select last_insert_id()");
> $dbhandle->query("UNLOCK TABLES");
> $result = $res->fetchRow();
Needs to be:
> $res = $dbhandle->query("select last_insert_id()");
> $result = $res->fetchRow();
> $dbhandle->query("UNLOCK TABLES");
Also, if this were production code you would want
to check the value of $CustomerID, e.g. if someone
chose or passed a CustomerID of ");DELETE * FROM
Orders; "(1 they could delete your entire table.
b.
>
>
> On Tue, 30 Oct 2001, Matthew Walker wrote:
>
> > Does anyone see anything wrong with the following code/query syntax? I'm
> > using the PEAR DB class for PHP. When this runs, it correctly inserts
> > the row to the table, but is failing to retrieve the last_insert_id().
> >
> > function StartOrder()
> > {
> >     global $dbhandle;
> >     global $OrderID;
> >     global $CustomerID;
> >
> >     if (!($OrderID)) {
> >         $query = "INSERT INTO Orders (CustomerID) VALUES(";
> >         if ($CustomerID) {
> >             $query .= "\"" . $CustomerID . "\"";
> >         } else {
> >             $query .= "\"" . "\"";
> >         }
> >         $query .= ")";
> >         $dbhandle->query("LOCK TABLES Orders WRITE");
> >         $dbhandle->query($query);
> >         $res = $dbhandle->query("select last_insert_id()");
> >         $dbhandle->query("UNLOCK TABLES");
> >         $result = $res->fetchRow();
> >         return $OrderID = $result[0];
> >     } else {
> >         return $OrderID;
> >     }
> > } // end func
> >
> > --
> > Matthew Walker
> > Ecommerce Project Manager
> > Mountain Top Herbs
> >
--
Bill Adams
TriQuint Semiconductor
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
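
The two points raised in this thread (validate and bind $CustomerID, and read the new id before running any other statement) are shown together in the added example below, which is not code from the thread or from PEAR DB. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL connection so that it runs offline; `startOrder()` and the digits-only rule for customer ids are hypothetical.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for PEAR DB + MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Orders (
    OrderID    INTEGER PRIMARY KEY AUTOINCREMENT,
    CustomerID TEXT NOT NULL
)');

/**
 * Hypothetical replacement for StartOrder(): checks the customer id against
 * an allow-list pattern, binds it as a parameter, and reads the generated id
 * immediately after the INSERT on the same connection.
 */
function startOrder(PDO $pdo, string $customerId): int
{
    // Assumed rule: a customer id is empty (no customer yet) or 1-10 digits.
    if ($customerId !== '' && !preg_match('/^\d{1,10}$/', $customerId)) {
        throw new InvalidArgumentException('CustomerID must be numeric');
    }

    // The value travels as a bound parameter and is never spliced into the SQL text.
    $stmt = $pdo->prepare('INSERT INTO Orders (CustomerID) VALUES (:cid)');
    $stmt->execute([':cid' => $customerId]);

    // Fetch the id before issuing any further statement on this connection.
    return (int) $pdo->lastInsertId();
}

echo 'new OrderID: ', startOrder($pdo, '42'), "\n";

// The value quoted in the thread, used here only as test input.
$hostile = '");DELETE * FROM Orders; "(1';
try {
    startOrder($pdo, $hostile);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Defence in depth: even with the allow-list skipped, a bound parameter is
// stored as plain data and the Orders table keeps its existing row.
$stmt = $pdo->prepare('INSERT INTO Orders (CustomerID) VALUES (?)');
$stmt->execute([$hostile]);
$count = $pdo->query('SELECT COUNT(*) FROM Orders')->fetchColumn();
echo 'rows in Orders: ', $count, "\n";
```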