public static function addProduct($obj_Product) { $db = config::dbconfig(); $obj_retresult = new returnResult(); $obj_Product->ProductId = DAL_manageProduct::getLastProductId() + 1; $sql = "INSERT INTO tbl_product (ProductId,ProductName,ExpireDuration,Description) \n\t\tVALUES (" . common::noSqlInject($obj_Product->ProductId) . "," . "'" . common::noSqlInject($obj_Product->ProductName) . "'" . "," . "'" . common::noSqlInject($obj_Product->ExpireDuration) . "'" . "," . "'" . common::noSqlInject($obj_Product->Description) . "'" . ");"; $rs = mysql_query($sql); if (mysql_affected_rows() > 0) { $obj_retresult->type = 1; $obj_retresult->msg = "success"; $obj_retresult->data = $obj_Product; } else { $obj_retresult->type = 0; $obj_retresult->msg = "failed"; } return $obj_retresult; }