开发者

php function array argument manipulation

问答 作者:

i am making insert function that takes $table argument and $cols(as array)argument. it inserts into given table given values:

$db->query("inse开发者_StackOverflow中文版rt into $table({$cols[0]},{$cols[1]}) values('{$_POST[{$cols[0]}]}','{$_POST[{$cols[1]}]})");

this is all nice except i don't how long array is. how to do this??

One thing you haven't done is escaped the SQL using the correct escaping mechanism.

$postCols = $_POST['cols']; 

foreach($postCols as &$col) {
    $col = '"' . mysql_real_escape_string($col) . '"';
}

$db->query("insert into $table(" . implode(',', $cols) . ") values(" . implode(',', $postCols . ");

I would just use some foreach loops 

<?php
  $sql = "INSERT INTO $table (";
  foreach ($cols as $col)
      $sql .= "`$col`,";
  $sql = substr($sql,0,-1);
  $sql .= ") VALUES(";
  foreach ($cols as $col)
      $sql .= "'".$_POST[$col]."',";
  $sql = substr($sql,0,-1);
  $sql .= ");";

  echo $sql;
?>

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9