Re: Smarter way to extract data from FORM and save to DB?



On Fri, 08 Feb 2008 09:57:04 +0100, Gilles Ganault <nospam@xxxxxxxxxx> wrote:

Hello

Out of curiosity, is there a smarter, easier way to read data sent by
a form, and save them into a database? I have about 20 fields, and
it'd be easier if I could just use a loop to go through an array and
generate the SQL query in a couple of lines:

======
//If 'id' set -> update; Otherwise -> insert
if($_POST['id'])
$sql = sprintf("UPDATE $table SET name='%s', tel='%s' WHERE
id=%s",$_POST['name'],$_POST['tel'],$_POST['id']);
else
$sql = sprintf("INSERT INTO $table (id,name,tel) VALUES
(NULL,'%s','%s')",$_POST['name'],$_POST['tel']);
======

A safer way would be prepared statements. This code, given its use of sprintf(), is very easily altered to use those.

--
Rik Wasmus
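
The prepared-statement approach suggested in the reply, combined with the loop the question asks for, as an added example that is not part of either post. It assumes PDO with an in-memory SQLite database; the table name `contacts`, the `FIELDS` allow-list and the function `save_form` are hypothetical names chosen for illustration. Column names cannot be bound as parameters, so they come from a fixed list and only the values are bound.

```php
<?php
// Added example: allow-listed columns + bound values with PDO.
// TABLE, FIELDS, save_form() and the SQLite DSN are assumptions, not from the thread.
const TABLE  = 'contacts';
const FIELDS = ['name', 'tel'];   // the only columns a form is allowed to write

function save_form(PDO $db, array $post): int
{
    // Iterate over the allow-list, not over $_POST: submitted key names
    // never become part of the SQL text, and unknown keys are dropped.
    $data = [];
    foreach (FIELDS as $f) {
        $v = $post[$f] ?? '';
        $data[$f] = is_string($v) ? $v : '';   // reject name[]=... array input
    }

    $id = $post['id'] ?? '';
    if ($id !== '') {
        if (!is_string($id) || !ctype_digit($id)) {
            throw new InvalidArgumentException('id must be numeric');
        }
        // Builds "name = :name, tel = :tel" from the constant list.
        $set  = implode(', ', array_map(fn($f) => "$f = :$f", FIELDS));
        $stmt = $db->prepare('UPDATE ' . TABLE . " SET $set WHERE id = :id");
        $stmt->execute($data + ['id' => (int)$id]);
        return (int)$id;
    }

    $cols  = implode(', ', FIELDS);
    $marks = implode(', ', array_map(fn($f) => ":$f", FIELDS));
    $stmt  = $db->prepare('INSERT INTO ' . TABLE . " ($cols) VALUES ($marks)");
    $stmt->execute($data);
    return (int)$db->lastInsertId();
}

// Constructed demo data; in a real handler $post would be $_POST.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, tel TEXT)');

$id = save_form($db, ['name' => "O'Brien", 'tel' => '555-0100']);
// Quotes in a value are stored literally; the extra key is ignored.
save_form($db, ['id' => (string)$id, 'name' => "x', tel='", 'tel' => '555-0101',
                'is_admin' => '1']);
var_dump($db->query('SELECT * FROM contacts')->fetchAll(PDO::FETCH_ASSOC));
```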