[SOLVED] Using $_POST

[ksmatthews]

Hi all,

 

I need to create some huge forms. When it comes to the backend submission, the SQL insert becomes large

and cumbersome.

 

Is there an easier way to insert a large amount of POSTED data without having to explicitely refer to each

and every form variable by name when creating the SQL insert string ?

 

I have tried code like this

 

$values = serialize($_POST);

$SQL = 'insert into mytable values (' .$values. ')';

 

but that does not work ...

 

How can I access each and every form field in $_POST without referring to names ?

 

regards,

 

Steven M

 

[ignace]

Use this:

http://www.phpfreaks.com/forums/index.php/topic,261112.msg1229397.html#msg1229397

 

This allows you to split your form up into steps and end perform the process on the last step.

 

It needs one fix though:

$_POST = array_merge($_SESSION['_POST'], $_POST);

[patrickmvi]

An easy way to do what you're asking would be to just loop through the $_POST array provided that each item in the $_POST array corresponds to a field in your DB.  This is how I would approach it:

 

$field_sql = "";
$value_sql = "";

foreach($_POST AS $name => $value)
{
$field_sql .= $name . ",";
$value_sql .= "'" . $value . "',";
}

$sql = "INSERT INTO table (" . rtrim($field_sql, ",") . ") VALUES (" . rtrim($value_sql, ",") . ")";
mysql_query($sql);

 

Now this is a bit general, you'd want to do any kind of input filtering within the foreach loop itself such as addslashes, etc.

[ksmatthews]

Thanks patrickmvl,

 

That works a treat ...

 

You learn something new every day,

 

regards,

 

Steven M