I've never really understood if it's ok to do mysql inserts / updates by chunking through an array and using variable variables - I seem to remember Laserlight advised against it but I cant find the post
so here's my code - please comment!
// build array that I'll use for other things so ignore explicit titles
$variables = array(
'adm_fname' => 'First name',
'adm_lname' => 'Last name',
'adm_uname' => 'Username',
'adm_co' => 'Company',
'adm_priv' => 'Access level',
'adm_tel' => 'Telephone',
'adm_mobile' => 'Mobile',
'adm_email' => 'Email'
);
// now build sql strings
if ($adm_id) {
$sql = "UPDATE admin_usr SET ";
$v=0;
foreach ($variables as $variable => $title) {
if($v) $sql.= ', ';
$sql.= "$variable = '".mysql_escape_string(trim($_REQUEST[$variable]))."' ";
$v++;
}
$sql.=" WHERE adm_id=$adm_id";
} else {
$sql = "INSERT INTO admin_usr ( ";
$v=0;
foreach ($variables as $variable => $title) {
if($v) $sql.= ', ';
$sql.= $variable;
$v++;
}
$sql.= " ) VALUES ( ";
$v=0;
foreach ($variables as $variable => $title) {
if($v) $sql.= ', ';
$sql.= "'".mysql_escape_string(trim($_REQUEST[$variable]))."'";
$v++;
}
$sql.= " )";
}
// then do the mysql query..