|
Posted by Greg Donald on 09/27/38 11:24
On 8/20/05, Andras Kende <andras@kende.com> wrote:
> I would like to create the mysql insert query for my html form fields,
> I have a small problem it will have an extra , at the end of $sqlstruct
> And extra "" at $sqldata..
>
> Anyone can give a hint ?
>
> ////////////
> foreach ($_POST as $variable=>$value){
> $sqlstruct.=$variable",";
> $sqldata.=$value."\"','\"";
> }
>
> $query="insert into db ($sqlstruct) VALUES ($sqldata)";
$k = implode( ',', array_keys( $_POST ) );
$v = implode( ',', array_values( $_POST ) );
$sql = "INSERT INTO db ( $k ) VALUES ( $v )";
I'd never do something like this though, just begs for SQL injection.
--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/
Navigation:
[Reply to this message]
|