INSERT and array

Darkmatter5 · November 12, 2008

I have page with 5 text_boxes (firstname, lastname, email, password and con_password) with a submit button below.

Here's the code run if the button is pressed.

                <?php
                    $conn=mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
                    mysql_select_db($dbnameprim);
                    $pagedb="members";
                    
                    if (isset($_POST['save'])) {
                        $values['member_id']=$_SESSION['member_id'];
                        if(isset($_POST['firstname'])) { $values['firstname']=$_POST['firstname'];}
                        if(isset($_POST['lastname'])) { $values['lastname']=$_POST['lastname'];}
                        if(isset($_POST['email'])) { $values['email']=mysql_real_escape_string($_POST['email']);}
                        if(isset($_POST['password']) && isset($_POST['con_password'])) {
                            if($_POST['password']==$_POST['con_password']) {
                                $values['password']=md5($_POST['password']);
                            }
                        }
                        $field_values=join(", ",$values);
                        /*$values=join(", ", $field_value);
                  //insert data into table
                  $insertdata="INSERT INTO $dbname.clients ($fields) VALUES ($values)";
                  mysql_query($insertdata) or die(mysql_error() .": $insertdata");
                        $insert=mysql_query("INSERT
                                             INTO $pagedb
                                             VALUES
                                             ) or die(mysql_error())*/
                    }
                    print_r($field_values);
                    
                    mysql_close($conn);
                ?>

How can I use this or something better to insert the data into a database record? How can I define the field names and only if the text box is not empty? This output actually looks like regardless of the text boxes being empty the array elements are still created as this is the output.

22, , , ,

If I don't fill anything out I thought it should output "22".

Help please.

premiso · November 12, 2008

Not the cleanest but this would work given that the array key is also the column name:

<?php

                        // removed for wrong version $field_values=join(", ",$values);
                        foreach ($values as $key => $val) {
                               $keys[] = "`" . $key . "`";
                               $vals[] = "'" . $val . "'";
                       }
                       $field_values = implode(", ", $val);
                       $field_cols = implode(", ", $col);
                       $sql = "INSERT INTO table_name (" . $field_cols . ") VALUES ( " . $field_values . " )";
?>

Like I said not the cleanest but should do the job.

Darkmatter5 · November 12, 2008

In regards to making it cleaner, what would you suggest?

premiso · November 12, 2008

Honestly, right now I cannot think of a way to do it better/cleaner, I am sure someone might. Although I do see something I would do.

Instead of escaping the data here like so:

if(isset($_POST['email'])) { $values['email']=mysql_real_escape_string($_POST['email']);}

I would do this:

<?php

                        // removed for wrong version $field_values=join(", ",$values);
                        foreach ($values as $key => $val) {
                               $keys[] = "`" . $key . "`";
                               $vals[] = "'" . mysql_real_escape_string($val) . "'";
                       }
                       $field_values = implode(", ", $val);
                       $field_cols = implode(", ", $col);
                       $sql = "INSERT INTO table_name (" . $field_cols . ") VALUES ( " . $field_values . " )";
?>

wildteen88 · November 12, 2008

I'll take this approach to generating sql queries based on input from a form.

<?php

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
mysql_select_db($dbnameprim);

$pagedb = "members";

function make_safe($value)
{
    if(is_numeric($value))
    {
        $value = (int) $value;
    }
    elseif(is_string($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }

    return $value;
}

// list form fields to be inserted into the database
$fields = array('firstname', 'lastname', 'password', 'email');
$db = null;


if (isset($_POST['save']))
{
    // list through the $fields array
    foreach($fields as $field)
    {
        // check to make sure the field exists in the $_POST array
        // and that the value is not empty
        if(isset($_POST[$field]) && trim($_POST[$field]) != '')
        {
            // populate the $db array
            $db['fields'][] = $field;
            $db['values'][] = make_safe($_POST[$field]);
        }
    }
    if(is_array($db))
    {
        /// generate our query!
        $sql = "INSERT INTO `$dbname.clients` (`".implode('`, `', $db['fields']).') VALUES ('.implode(', ', $db['values']).')';
        mysql_query($sql) or die(mysql_error() .": $sql");
    }
}

mysql_close($conn);

?>

Sign In

INSERT and array

Recommended Posts

Darkmatter5

Link to comment

Share on other sites

premiso

Link to comment

Share on other sites

Darkmatter5

Link to comment

Share on other sites

premiso

Link to comment

Share on other sites

wildteen88

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information