Jump to content

Recommended Posts

Maybe padding isn't the right word. Right now, as part of my DB class, I'm working on a string constructor method, constructing query string from an array.

 

$array['values'] is an assoc array where the key is the field and the value is the value being updated.

 

Here is what I'm using:

 

$query_string[] = 'INSERT INTO';
$query_string[] = $array['table'];
$query_string[] = '('.implode(', ', array_keys($array['values'])).')';
$query_string[] = 'VALUES';
$query_string[] = '('.implode(', ', array_values($array['values'])).')';

 

and this is what I get:

 

INSERT INTO image (path, timestamp, mime-type, tags) VALUES (images/example.jpeg, 1212627793, image/jpeg, test)

 

Now, this looks ok but I'm missing ticks and single quotes and this is causing issues. It would be easy if I didn't need that VALUES part of the string. Does anyone have any suggestions how I can wrap some ticks around the fields and single quotes around the values?

There's a lot of ways to do this - in your class they should have taught you how they expect you to do it.

 

If you want to add single quotes to each variable, just add them at the start and end of the string following VALUES, as well as inside the implode().  That will put quotes around EVERY variable, which may not be what they are expecting you to do, but it'll work.

 

Are they expecting you to use mysql_escape_string() as well?  If so, you'll need to call that on each value from the array.

Oops, I misunderstood the word "class" :)

 

In that case, make sure you've called mysql_escape_string() somewhere.  Otherwise you will run into trouble when a quote appears inside one of your strings.

 

For quoting, you need to quote all strings, but you don't need to quote numbers.  So ideally you would decide what to do based on the type of the variable.  But that's not always easy to do, as PHP typically doesn't have the database schema easily available to it.  Quoting everything will work, unless you are using functions like now(), which can't be quoted.  That's when things get messy :)

try

$query_string[] = 'INSERT INTO';
$query_string[] = $array['table'];
$query_string[] = '(`'.implode('`, `', array_keys($array['values'])).'`)';
$query_string[] = 'VALUES';
$query_string[] = "('".implode("', '", array_values($array['values']))."')";

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.