Decoding the query string array

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • davidv
    #1

    Decoding the query string array

    I am building a very simple form that takes text and inserts data in a
    MySQL db.

    I would like my "logic" to simply insert the value in to the field in
    the database that matches the name from the query string.

    Here's the question- can I do this if I do not know how many name/value
    pairs are passed to the "logic" ? Can I just step through the $_POST
    array and use a do while $i <= count($_POST) or something?

    I have tried this but for some reason I cannot get a number back from
    the $_POST array. I am also confused about how the $_POST array is
    constructed. How do I reference name/value pair $_POST[0,1,2 etc...] get
    their "names" and "values" in to variables so I can accomplish the
    INSERT SQL(e.g. $name = $_POST[0,0]; $value = $_POST[0,1]; [INSERT
    $value INTO $name];- The MySQL fields will match $name)?

    Thanks in advance.

    David

    Tags: $_post[0]
    • Randell D.
      #2
      Re: Decoding the query string array


      "davidv" <eigenstates@ya hoo.com> wrote in message
      news:WB2dneUW5a 9aEwSiXTWc-g@speakeasy.net ...[color=blue]
      > I am building a very simple form that takes text and inserts data in a
      > MySQL db.
      >
      > I would like my "logic" to simply insert the value in to the field in
      > the database that matches the name from the query string.
      >
      > Here's the question- can I do this if I do not know how many name/value
      > pairs are passed to the "logic" ? Can I just step through the $_POST
      > array and use a do while $i <= count($_POST) or something?
      >
      > I have tried this but for some reason I cannot get a number back from
      > the $_POST array. I am also confused about how the $_POST array is
      > constructed. How do I reference name/value pair $_POST[0,1,2 etc...] get
      > their "names" and "values" in to variables so I can accomplish the
      > INSERT SQL(e.g. $name = $_POST[0,0]; $value = $_POST[0,1]; [INSERT
      > $value INTO $name];- The MySQL fields will match $name)?
      >
      > Thanks in advance.
      >
      > David
      >[/color]

      First off - you ought to becareful writing $_POST data to the database
      without first ensuring that its clean. Do you have magic_quotes on (its on
      by default I think). Secondly, I have all my db values sent through
      trim() - This removes excess space either side of your values, including any
      null characters (I don't fully understand the latter other than believing
      that some hacks can be performed with buffer overruns which (I believe, I
      could be wrong) is performed by passing commands beyond null characters
      (again, dunno how its done but believe I'm preventing such a hack from
      happening by using trim().

      Secondly... You need to know how an associated array works...

      If you have a text field in HTML like so:

      <input type=text name=firstname>

      and it is submitted in a form, your $_POST will have a variable
      $_POST['firstname']

      If you're ever unsure about what has been passed, have your form posted to a
      script that calls phpinfo(); and examine the output.

      Secondly...

      I'm new to MySQL but I have written a script that takes my HTML field/box
      names and passes them to an insert in the correct order.... you have to be
      careful with this.

      I suggest that you first get to know arrays, single and multipe dimensional
      and be sound on manipulating them before you think about writing them to the
      database... You've not been entirely clear with your request, but I think I
      know what you are trying to do... this is possible... but unless you read up
      a little more, you could end up writing a script that you rely on, but
      unable to support...



        Comment

        • Steve
          #3
          Re: Decoding the query string array

          I think this may be what you're looking for (note this is off the top
          of my head and may require some work on your part :)

          $query = "INSERT INTO mytable (";
          $q3 = ") VALUES (";
          $q5 = ")";

          while(list($key ,$value)=explod e($_POST)){

          //Break $_POST into key,value pairs and iterate through the array

          $key=trim(chop( $key)); //Clean off White Space
          $value=trim(cho p($value));
          $q2 .="$key,"; //concatenate key to q2
          $q4 .="'$value'," ; //concatenate value to q4
          }
          substr_replace( $q2,"",strlen($ q2)); //Get rid of that extra comma at
          the end of q2
          $q3= substr_replace( $q3,"",strlen($ q3));//Get rid of that extra comma
          at the end of q3

          $query .=$q2.$q3.$q4.$ q5; //Add it all together
          $result = mysql_query($qu ery)
          or die("Error: ".mysql_errno() ." ".mysql_error() ." while trying
          $query"); //Give me my result or die, damn you die! Muhahaha!!!

          Note the comments were added for effect :)

          Hope that helps (Hope it's correct to :)




          davidv <eigenstates@ya hoo.com> wrote in message news:<WB2dneUW5 a9aEwSiXTWc-g@speakeasy.net >...[color=blue]
          > I am building a very simple form that takes text and inserts data in a
          > MySQL db.
          >
          > I would like my "logic" to simply insert the value in to the field in
          > the database that matches the name from the query string.
          >
          > Here's the question- can I do this if I do not know how many name/value
          > pairs are passed to the "logic" ? Can I just step through the $_POST
          > array and use a do while $i <= count($_POST) or something?
          >
          > I have tried this but for some reason I cannot get a number back from
          > the $_POST array. I am also confused about how the $_POST array is
          > constructed. How do I reference name/value pair $_POST[0,1,2 etc...] get
          > their "names" and "values" in to variables so I can accomplish the
          > INSERT SQL(e.g. $name = $_POST[0,0]; $value = $_POST[0,1]; [INSERT
          > $value INTO $name];- The MySQL fields will match $name)?
          >
          > Thanks in advance.
          >
          > David[/color]

            Comment

            Previous template Next
            Working...