Re: [PHP] build sql query struture and values from form fields — PHP

You are here: Re: [PHP] build sql query struture and values from form fields « PHP « IT news, forums, messages

Posted by Greg Donald on 10/04/38 11:24

On 8/20/05, Andras Kende <andras@kende.com> wrote:
> I would like to create the mysql insert query for my html form fields,
> I have a small problem it will have an extra , at the end of $sqlstruct
> And extra "" at $sqldata..
>
> Anyone can give a hint ?
>
> ////////////
> foreach ($_POST as $variable=>$value){
> $sqlstruct.=$variable",";
> $sqldata.=$value."\"','\"";
> }
>
> $query="insert into db ($sqlstruct) VALUES ($sqldata)";

$k = implode( ',', array_keys( $_POST ) );
$v = implode( ',', array_values( $_POST ) );

$sql = "INSERT INTO db ( $k ) VALUES ( $v )";

I'd never do something like this though, just begs for SQL injection.

--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/

Navigation:

Next in forum: Re: [PHP] preg_match
Prev in forum: build sql query struture and values from form fields
Thread view: Re: [PHP] build sql query struture and values from form fields

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация