please (!) be paranoid and use mysql_real_escape_string() on every variable 
you are inserting into a mysql command!

example:

function save_record($table,$data,$fieldlist)
{
  // table and column names cannot be escaped as values; allow only [A-Za-z0-9_]
  $table=preg_replace("/[^A-Za-z0-9_]+/","",$table);
  $fieldlist=preg_replace("/[^A-Za-z0-9_]+/"," ",$fieldlist);
  $fields=preg_split("/[ ]+/",trim($fieldlist));

  $sql="insert into $table (".implode(', ',$fields).") values (";

  $values=array();
  foreach ($fields as $field)
  {
    // escape the submitted value; missing fields become empty strings
    if (array_key_exists($field,$data))
      $value=mysql_real_escape_string($data[$field]);
    else
      $value='';

    // always quote: escaping only protects a value inside quotes, and a test
    // like $value+0>0 would leave "123 Revere Street" unquoted
    $values[]="'$value'";
  }
  $sql.=implode(', ',$values);
  $sql.=")";
  mysql_query($sql);
  return mysql_affected_rows();
} // save_record()

usage:

save_record('Players','fname,lname,address,city,state,zip,phhome,phcell,phwork,other,email',$_POST);


tht
----- Original Message ----- 
From: "Wade Smart" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, July 04, 2006 1:24 AM
Subject: [php-list] Mysql Insert Problem


> 07032006 1818 GMT-6
>
> I have this insert statement that I'm working with and I'm getting an
> error that says...
>
> "You have an error in you SQL syntax near 'Revere Street'.
> That is the address. Oddly, it took off the numbers of the street.
> Is inserting into a varchar that's 20 in size, more than enough.
>
> $query = 'INSERT INTO Players (fname, lname, address, city, state, zip, 
> phhome, phcell, phwork, other, email)';
> $query .='VALUES (';$query .=' '.$_POST['fname'].', '.$_POST['lname'].', 
> '.$_POST['address'].',';
> $query .=' '.$_POST['city'].', '.$_POST['state'].', '.$_POST['zip'].',';
> $query .=' '.$_POST['phhome'].', '.$_POST['phcell'].',';
> $query .=' '.$_POST['phwork'].', '.$_POST['other'].', '.$_POST['email'].' 
> ';
> $query .=' )';
>
> 
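
The same insert with bound parameters instead of string escaping, as an added example that is not part of either message in this thread. It assumes PHP 7+ with PDO and the sqlite driver (an in-memory database so it runs offline); the PDO-based save_record() signature, the column allow-list and the sample row are constructed for illustration.

```php
<?php
// Added example: save_record() rewritten with PDO bound parameters.
// Assumptions: PDO + sqlite driver; the allow-list and the sample input
// below are constructed for illustration.
function save_record(PDO $db, string $table, array $allowed, array $data): int
{
    // Identifiers cannot be bound as parameters, so they come only from
    // names written in code and are still checked against a strict pattern.
    foreach (array_merge([$table], $allowed) as $name) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("bad identifier: $name");
        }
    }

    $placeholders = [];
    $params = [];
    foreach ($allowed as $col) {
        $placeholders[] = ":$col";
        // Missing fields become empty strings; extra request keys are ignored.
        $params[":$col"] = isset($data[$col]) ? (string)$data[$col] : '';
    }

    $sql = "INSERT INTO $table (" . implode(', ', $allowed) . ") VALUES ("
         . implode(', ', $placeholders) . ")";
    $stmt = $db->prepare($sql);
    $stmt->execute($params);   // values travel separately from the SQL text
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Players (fname TEXT, lname TEXT, address TEXT, zip TEXT)');

// Constructed input standing in for $_POST; "extra" is not on the allow-list.
$post = [
    'fname' => 'Pat', 'lname' => "O'Brien",
    'address' => "123 Revere Street', 'x'); --",
    'zip' => '01234', 'extra' => 'ignored',
];

$n = save_record($db, 'Players', ['fname', 'lname', 'address', 'zip'], $post);
$row = $db->query('SELECT * FROM Players')->fetch(PDO::FETCH_ASSOC);
var_dump($n === 1, $row['lname'] === "O'Brien", $row['address'] === $post['address'], $row['zip'] === '01234');
```

The address with digits, the embedded quotes and the leading-zero zip all round-trip unchanged because no value is ever spliced into the SQL string.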





