Granted, this is mostly a mysql question, but I think understanding the
Php makes it easy to understand why my question is necessary.
I'm writing a Php loop to create INSERT and UPDATE queries from $_POST
data. All posted variables have to use the same name as the respective
column in the database for this to work. I also have know what the
primary - auto increment column is so I do not try to insert or update it.
-----------------------------------------
// First "clean" and Put all POST vars into array $safe_values
// Then ...
$cols_result = mysql_query("SH OW COLUMNS FROM `table_1`", $link);
$query = 'INSERT INTO `table_1` SET';
while ($cols_row=mysq l_fetch_array($ cols_result))
{
if ($cols_row['Field'] == 'table_1_id' // the auto_increment primary key
continue;
$query .= "\n
{$cols_row['Field']}='{$safe_value s[$cols_row['Field']]}',";
}
$query = substr($query, 0, -1); // remove last comma
mysql_query($qu ery, $link);
------------------------------------
(The \n's is merely to "beautify" the query if I want to echo it within
<pretags or using nl2br.)
I need to quote every value I insert, even if it is an integer, in case
it does not exist. What I want to know is if there is any problem with
quoting the integer values as well as the strings. My guess is no
(INSERTS and UPDATES work). I just want to be sure I'm not creating
unknown or unforeseen problems for myself.
--
*************** **************
Chuck Anderson • Boulder, CO
Nothing he's got he really needs
Twenty first century schizoid man.
*************** *************** *****
Php makes it easy to understand why my question is necessary.
I'm writing a Php loop to create INSERT and UPDATE queries from $_POST
data. All posted variables have to use the same name as the respective
column in the database for this to work. I also have know what the
primary - auto increment column is so I do not try to insert or update it.
-----------------------------------------
// First "clean" and Put all POST vars into array $safe_values
// Then ...
$cols_result = mysql_query("SH OW COLUMNS FROM `table_1`", $link);
$query = 'INSERT INTO `table_1` SET';
while ($cols_row=mysq l_fetch_array($ cols_result))
{
if ($cols_row['Field'] == 'table_1_id' // the auto_increment primary key
continue;
$query .= "\n
{$cols_row['Field']}='{$safe_value s[$cols_row['Field']]}',";
}
$query = substr($query, 0, -1); // remove last comma
mysql_query($qu ery, $link);
------------------------------------
(The \n's is merely to "beautify" the query if I want to echo it within
<pretags or using nl2br.)
I need to quote every value I insert, even if it is an integer, in case
it does not exist. What I want to know is if there is any problem with
quoting the integer values as well as the strings. My guess is no
(INSERTS and UPDATES work). I just want to be sure I'm not creating
unknown or unforeseen problems for myself.
--
*************** **************
Chuck Anderson • Boulder, CO
Nothing he's got he really needs
Twenty first century schizoid man.
*************** *************** *****
Comment