Posted by Greg Donald on 10/20/38 11:24

On 8/20/05, Andras Kende <andras@kende.com> wrote:
> I would like to create the mysql insert query for my html form fields,
> I have a small problem it will have an extra , at the end of $sqlstruct
> And extra "" at $sqldata..
>
> Anyone can give a hint ?
>
> ////////////
> foreach ($_POST as $variable=>$value){
> $sqlstruct.=$variable",";
> $sqldata.=$value."\"','\"";
> }
>
> $query="insert into db ($sqlstruct) VALUES ($sqldata)";

$k = implode( ',', array_keys( $_POST ) );
$v = implode( ',', array_values( $_POST ) );

$sql = "INSERT INTO db ( $k ) VALUES ( $v )";

I'd never do something like this though, just begs for SQL injection.


--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/

[Back to original message]