jargen Posted February 12, 2017 Share Posted February 12, 2017 Hey guys Slightly lost on how to do this one. Im trying to make a function which will insert data into a MySQL table. But im trying to make it universal, so i can use the same function for any part of the application, so theres only one mysql query i need to secure, rather then hundreds across the entire site. I know how i can make it go to the right table and such, my problem is how do i make it add the array of values to insert, when i have no idea how long it will be? Struggling to find a clear method online Quote Link to comment https://forums.phpfreaks.com/topic/303176-mysqli-insert-array-using-prepared-statements/ Share on other sites More sharing options...
Jacques1 Posted February 12, 2017 Share Posted February 12, 2017 This is going to make your security worse, not better, because generating entirely dynamic queries is a nontrivial task which has failed many times even in big projects. My advice is: Just don't. If you find mysqli too cumbersome, switch to PDO. Quote Link to comment https://forums.phpfreaks.com/topic/303176-mysqli-insert-array-using-prepared-statements/#findComment-1542665 Share on other sites More sharing options...
jargen Posted February 12, 2017 Author Share Posted February 12, 2017 This is going to make your security worse, not better, because generating entirely dynamic queries is a nontrivial task which has failed many times even in big projects. My advice is: Just don't. If you find mysqli too cumbersome, switch to PDO. My concern is simply the fact, that a new security feature will come out, or something which you are advised to add. Like when mysqli was added and preparing statements (Compared to just using escape string before). I could have potentially hundreds of queries to lock down instead of one. What do you suggest in regards to that? Quote Link to comment https://forums.phpfreaks.com/topic/303176-mysqli-insert-array-using-prepared-statements/#findComment-1542666 Share on other sites More sharing options...
Jacques1 Posted February 12, 2017 Share Posted February 12, 2017 mysqli was introduced 13(!) years ago, so it's not like they add a new feature every week. If you want your code to last many decades without ever being touched, web development isn't really the right industry. The best you can probably do right now is use PDO. It's a universal database interface which covers all mainstream SQL systems, so it won't go away anytime soon. Quote Link to comment https://forums.phpfreaks.com/topic/303176-mysqli-insert-array-using-prepared-statements/#findComment-1542668 Share on other sites More sharing options...
jargen Posted February 12, 2017 Author Share Posted February 12, 2017 Thanks for all the help mate, just re-coded it to PBO. Quote Link to comment https://forums.phpfreaks.com/topic/303176-mysqli-insert-array-using-prepared-statements/#findComment-1542671 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.