A function to make inserting new rows into a database table easier (and safe, because quote_smart logic is included inline).
Thanks to R. Bradley @ php.net; I have fixed a number of bugs and added quote_smart functionality.
My own contribution to php.net is here: george at georgefisher dot com
<?php
function mysql_insert_assoc ($my_table, $my_array) {
    //
    // Insert values into a MySQL database
    // Includes quote_smart code to foil SQL Injection
    //
    // Requires the legacy mysql extension (removed in PHP 7.0).
    //
    // Only the values are escaped. $my_table and the array keys (column
    // names) go into the query as-is, so they must come from trusted code,
    // never from user input.
    //
    // A call to this function of:
    //
    // $val1 = "foobar";
    // $val2 = 495;
    // mysql_insert_assoc("tablename", array('col1'=>$val1, 'col2'=>$val2, 'col3'=>"val3", 'col4'=>720));
    //
    // Sends the following query:
    // INSERT INTO tablename (col1, col2, col3, col4) values ('foobar', 495, 'val3', 720)
    //
    global $db_link;

    // Find all the keys (column names) from the array $my_array
    $columns = array_keys($my_array);

    // Find all the values from the array $my_array
    $values = array_values($my_array);

    // quote_smart the values: numeric values pass through unquoted,
    // everything else is escaped and wrapped in single quotes
    $values_number = count($values);
    for ($i = 0; $i < $values_number; $i++)
    {
        $value = $values[$i];
        if (get_magic_quotes_gpc()) { $value = stripslashes($value); }
        if (!is_numeric($value)) { $value = "'" . mysql_real_escape_string($value, $db_link) . "'"; }
        $values[$i] = $value;
    }

    // Compose the query
    $sql = "INSERT INTO $my_table ";

    // create comma-separated string of column names, enclosed in parentheses
    $sql .= "(" . implode(", ", $columns) . ")";
    $sql .= " values ";

    // create comma-separated string of values, enclosed in parentheses
    $sql .= "(" . implode(", ", $values) . ")";

    // Run the query on the same connection that was used for escaping
    $result = @mysql_query ($sql, $db_link)
        OR die ("<br />\n<span style=\"color:red\">Query: $sql UNsuccessful :</span> " . mysql_error($db_link) . "\n<br />");

    return ($result) ? true : false;
}
?>
mysql_update_assoc is a similar function that updates existing records.
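The mysql_* functions used above were removed in PHP 7.0. The following is an added example, not the author's code: the same insert helper written with PDO prepared statements, so values are bound rather than escaped, and table and column names are checked against an allowlist. The function name pdo_insert_assoc, the $allowed map and the SQLite demo table are assumptions made for illustration.

```php
<?php
// Added example: prepared-statement version of the insert helper above.
// pdo_insert_assoc() and the $allowed map are hypothetical names.
function pdo_insert_assoc(PDO $pdo, string $table, array $row, array $allowed): bool
{
    // Identifiers cannot be bound as parameters, so check them against an
    // allowlist of known tables and columns instead of escaping them.
    if (!isset($allowed[$table])) {
        throw new InvalidArgumentException("Unknown table: $table");
    }
    if ($row === []) {
        throw new InvalidArgumentException('Nothing to insert');
    }
    $columns = array_keys($row);
    foreach ($columns as $column) {
        if (!in_array($column, $allowed[$table], true)) {
            throw new InvalidArgumentException("Unknown column: $column");
        }
    }
    // One positional placeholder per value; values never enter the SQL text.
    $placeholders = implode(', ', array_fill(0, count($columns), '?'));
    $sql = "INSERT INTO $table (" . implode(', ', $columns) . ") VALUES ($placeholders)";
    $stmt = $pdo->prepare($sql);
    return $stmt->execute(array_values($row));
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablename (col1 TEXT, col2 INTEGER)');
$allowed = ['tablename' => ['col1', 'col2']];

// A value containing quote characters is stored as plain data.
pdo_insert_assoc($pdo, 'tablename', ['col1' => "it's \"quoted\"", 'col2' => 495], $allowed);
echo $pdo->query('SELECT col1 FROM tablename')->fetchColumn(), "\n";

// A column name outside the allowlist is rejected before any SQL is built.
try {
    pdo_insert_assoc($pdo, 'tablename', ['col9' => 'v'], $allowed);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

Binding also avoids the is_numeric() shortcut in the original, which sends numeric-looking strings to the server unquoted.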
Also thanks to https://centricle.com/tools/html-entities/ for encoding
Originally published: Monday, April 20, 2009; most-recently modified: Monday, June 04, 2012