How to build a dynamic MySQL INSERT statement with PHP -
hello
part of form showing columns names mysql table (names of applications installed on computer) , creating form yes/no option or input type="text" box additional privileges application..
how can insert mysql table using post , mysql_query insert into?????
quantity of columns changing because there form adding applications with/without privileges..
<tr bgcolor=#ddddff>'; //mysql_query getting columns names $result = mysql_query("show columns employees") or die(mysql_error()); while ($row = mysql_fetch_array($result)) { //exclude these columns bcs these in other part of form if($row[0] == 'id' || $row[0] == 'nameandsurname' || $row[0] == 'department' || $row[0] == 'phone' || $row[0] == 'computer' || $row[0] == 'data') continue; echo '<td bgcolor=#ddddff>'.$row[0].'<br />'; if (stripos($row[0], "privileges") !== false) { echo '<td bgcolor=#ddddff><p><a class=hint href=#> <input type="text" name="'.$row[0].'"> <span>privileges "occupation" or "like someone"</span></a></p></td></tr>'; } else { echo '<td bgcolor=#ddddff align=center><select name="'.$row[0].'"> <option value = "no">no <option value = "yes">yes </td> </tr>'; } } trim($_post); // ???? $query = "insert 'employees' values (??)"; // ????
because you're not inserting columns, need dynamically build insert statement specify columns you're inserting into.
first, create array of columns want use. use both generate form , retrieve values
$exclude = array("id", "nameandsurname", "departument", "phone", "computer", "date"); $result = mysql_query("show columns employees") or die(mysql_error()); $columns = array(); while ($row = mysql_fetch_array($result)) { if (!in_array($row[0], $exclude) { $columns[] = $row[0]; } } render form $columns array:
foreach ($columns $column) { echo '<tr><td bgcolor="#ddddff">'.$column.'<br />'; if (stripos($column, "privileges") !== false) { echo '<p><a class="hint" href="#"> <input type="text" name="'.$column.'"> <span>privileges "occupation" or "like someone"</span></a>'; } else { echo '<select name="'.$column.'"> <option value = "no">no <option value = "yes">yes </select>'; } echo '</td></tr>'; } then, dynamically build insert string posted values columns. sure protect against sql injection:
$keys = array(); $values = array(); foreach ($columns $column) { $value = trim($_post[$column]); $value = mysql_real_escape_string($value); $keys[] = "`{$column}`"; $values[] = "'{$value}'"; } $query = "insert 'employees' (" . implode(",", $keys) . ") values (" . implode(",", $values. ");"; note: work better if select information_schema.columns can know type of column you're inserting into. way, won't have quote everything.
Comments
Post a Comment