sunziun Posted June 29, 2011

Hello, I am new here and am trying to learn PHP by doing. This code is in use for now and growing:

    $id=$_POST['id'];
    $fname=$_POST['fname'];
    $lname=$_POST['lname'];
    $dob=$_POST['dob'];
    $notes=$_POST['notes'];
    $class=$_POST['class'];
    $sql="UPDATE $table SET fname='$fname', lname='$lname', notes='$notes', dob='$dob', class='$class' WHERE id='$id'";

What is required to have the above code like this?:

    $input_arr = array();
    foreach ($_POST as $key => $input_arr) {
        $_POST[$key] = addslashes($input_arr);
    }

You see how small this is and it's very effective.

fugix Posted June 29, 2011

What exactly do you mean by "what is required?" The code you provide will work much the same as your first code; however, the function addslashes() requires its parameter to be a string, not an array as you are trying to use. Why exactly would you rather write it the second way? I personally would prefer the first way, much easier to distinguish between values.

WebStyles Posted June 29, 2011

Do you mean you wish to dynamically create the query string based on whatever is posted (assuming that $_POST[$key] has the same name as your database fields)?

    $string = '';
    foreach ($_POST as $key => $value) {
        $string .= $_POST[$key] ." = '".addslashes($value)."', ";
    }

Then you'll just need to strip the last comma off the string.

redixx Posted June 29, 2011

Fixing WebStyles' code:

    $string = '';
    foreach ($_POST as $key => $value) {
        // use mysqli_real_escape_string or mysqli::real_escape_string if you are using MySQLi
        $string .= "`" . $key . "` = '".mysql_real_escape_string($value)."', ";
    }
    $string = rtrim($string, ', ');

WebStyles Posted June 29, 2011

Fixing Redixx's code:

    $string = '';
    foreach ($_POST as $key => $value) {
        $string .= $key." = '".mysql_real_escape_string($value)."', "; // removed ] after $key
    }
    $string = rtrim($string, ', ');

WebStyles Posted June 29, 2011

Ah! You edited it out.

sunziun Posted July 4, 2011

I was thinking of something like this:

    $fn_sql="SELECT * FROM $table";
    $fn_result=mysql_query($fn_sql);
    while($fn=mysql_fetch_field($fn_result)){
        eval('$' . $fn->name . '=$_POST["' . $fn->name . '"];');
    }

This is working perfectly. For an update query I need the second, which contains fname='$name', lname='$lname' etc., to be generated automatically like above.

TeNDoLLA Posted July 4, 2011

It is just a terrible idea to use eval() like that. If you were getting some PHP syntax from your form fields by the user, all that code that the user wrote would be run on your PHP server. There might be some VERY RARE situations in which to use eval, but one should try to avoid it. For more info, google "eval is bad" or "eval is bad php". And eval() is also slow, so if you want to increase efficiency, the last thing to do is use eval().

sunziun Posted July 11, 2011

Hi TeNDoLLA, what do you suggest to do this task automatically (if possible)?
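
One way to generate the UPDATE automatically without eval() and without letting request keys reach the SQL text, as an added example that is not part of the original thread: it iterates a fixed list of column names and binds the values through PDO. The column names come from the first post; the table name people, the extra role field, the sample input and the in-memory SQLite database (standing in for the poster's MySQL table) are constructed assumptions.

```php
<?php
// Added example, not code from the thread. Table name "people" and the
// sample input are constructed; column names are those in the first post.

// Columns a form may update. Anything else in the input is ignored,
// so a request key can never become part of the SQL text.
const UPDATABLE = ['fname', 'lname', 'dob', 'notes', 'class'];

/**
 * Build a parameterised UPDATE from request data. Returns [sql, params].
 * $table must be a fixed name from your own code, never request data.
 */
function build_update(string $table, array $allowed, array $input, $id): array
{
    $set = [];
    $params = [];
    foreach ($allowed as $col) {             // iterate the allowlist, not the input
        if (!array_key_exists($col, $input) || !is_string($input[$col])) {
            continue;                        // missing, or an array such as fname[]=x
        }
        $set[] = "$col = :$col";             // $col is one of our own constants
        $params[":$col"] = $input[$col];     // value is bound, never concatenated
    }
    if ($set === []) {
        throw new InvalidArgumentException('no updatable fields in input');
    }
    $params[':id'] = $id;
    return ["UPDATE $table SET " . implode(', ', $set) . ' WHERE id = :id', $params];
}

// Constructed stand-in for $_POST: a quote in a value and an unexpected field.
$post = [
    'id'    => '1',
    'fname' => 'Anne',
    'lname' => "O'Brien",
    'role'  => 'admin',                      // not in UPDATABLE: dropped
];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, fname, lname, dob, notes, class)');
$pdo->exec("INSERT INTO people (id, fname, lname, class) VALUES (1, 'A', 'B', 'c1')");

[$sql, $params] = build_update('people', UPDATABLE, $post, (int) $post['id']);
$pdo->prepare($sql)->execute($params);

echo $sql, "\n";
print_r($pdo->query('SELECT * FROM people')->fetch(PDO::FETCH_ASSOC));
```

With MySQL, only the PDO connection string changes; the generated statement and the bound parameters stay the same.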