Hey I thought I read a thread here that would allow me to name my form fields as the field names in my database and then insert them and their data into a database with a foreach.
I can't seem to figure out how to do this or if it is possible. Was trying to cut down on code in my form processing script.
Thanks
TOm
You would use the foreach on the $_POST to create your insert SQL. Of course after you verify the data is ok and there is no SQL injection cases.
yeah,
but to put it all on one query line is where I am having issues. what I have done in the past is implode the $keys and concat them but I am not sure how to apply it here when I want to make all the keys into a string. Do I have to put all the keys into their own array then implode the array. then enter the keys into the query?
Makes it pretty hard to varify any of the data, but something like...
foreach ($_POST as $key => $val) { $keys[] = $key; $vals[] = $val; } $k = implode(",",$keys); $v = implode("','",$vals); $sql = "INSERT INTO tbl ($k) VALUES ('$v');";
Thats it thanks.
Yeah it makes it hard to verify the data. Will have to rethink some security stuff. I am not too concerned with making sure that all the fields are filled as this is a simple signup and not something that will have sensitive data. but I am concerned if it opens up the database to attacks.
If you have PHP 5.1 use PDO and prepare your database queries. They take care of any sql injection for you.
