Help! - Need alternative way of adding to database

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
mhouldridge
Forum Contributor
Posts: 267
Joined: Wed Jan 26, 2005 5:13 am

Help! - Need alternative way of adding to database

Post by mhouldridge »

Hi,

My current way of adding data to database using a posting page to this script is as follows;

Code: Select all

$query = "INSERT INTO dedicated(asset, title, customer, type, serial, IP, IP2, IP3, IP4, IP5, IP6, IP7, IP8, IP9, IP10, location, os, oslicense, oemfull, processor, memory, motherboard, disksize, graphics, networkcard, software, software2, software3, software4, software5, software6, software7, software8, software9, software10, license, license2, license3, license4, license5, license6, license7, license8, license9, license10, software11, software12, software13, software14, software15, software16, software17, software18, software19, siftware20, license11, license12, license13, license14, license15, license16, license17, license18, license19, license20, value ) 
VALUES('".$_POST['asset']."','".$_POST['title']."','".$_POST['customer']."','".$_POST['type']."','".$_POST['serial']."','".$_POST['IP']."','".$_POST['IP2']."','".$_POST['IP3']."','".$_POST['IP4']."','".$_POST['IP5']."','".$_POST['IP6']."','".$_POST['IP7']."','".$_POST['IP8']."','".$_POST['IP9']."','".$_POST['IP10']."','".$_POST['location']."','".$_POST['os']."','".$_POST['oslicense']."','".$_POST['oemfull']."','".$_POST['processor']."','".$_POST['memory']."','".$_POST['motherboard']."','".$_POST['disksize']."','".$_POST['graphics']."','".$_POST['networkcard']."','".$_POST['software']."','".$_POST['software2']."','".$_POST['software3']."','".$_POST['software4']."','".$_POST['software5']."','".$_POST['software6']."','".$_POST['software7']."','".$_POST['software8']."','".$_POST['software9']."','".$_POST['software10']."','".$_POST['license']."','".$_POST['license2']."','".$_POST['license3']."','".$_POST['license4']."','".$_POST['license5']."','".$_POST['license6']."','".$_POST['license7']."','".$_POST['license8']."','".$_POST['license9']."','".$_POST['license10']."','".$_POST['software11']."','".$_POST['software12']."','".$_POST['software13']."','".$_POST['software14']."','".$_POST['software15']."','".$_POST['software16']."','".$_POST['software17']."','".$_POST['software18']."','".$_POST['software19']."','".$_POST['software20']."','".$_POST['license11']."','".$_POST['license12']."','".$_POST['license13']."','".$_POST['license14']."','".$_POST['license15']."','".$_POST['license16']."','".$_POST['license17']."','".$_POST['license18']."','".$_POST['license19']."','".$_POST['license20']."','".$_POST['value']."')";
$result = mysql_query($query);
mysql_close($db);

This looks like a messy way of doing things, here is a neater one that I am trying to get working, but failing to do so. Please help..

Code: Select all

$query = "INSERT INTO dedicated ".
"asset= \"".$_POST["asset"]."\",".
"title= \"".$_POST["title"]."\",".
"customer= \"".$_POST["customer"]."\",".
"type= \"".$_POST["type"]."\",".
"serial= \"".$_POST["serial"]."\",".
"os= \"".$_POST["os"]."\",".
"oslicense= \"".$_POST["oslicense"]."\",".
"oemfull= \"".$_POST["oemfull"]."\",".
"processor= \"".$_POST["processor"]."\",".
"memory= \"".$_POST["memory"]."\",".
"IP= \"".$_POST["IP"]."\",".
"disksize= \"".$_POST["disksize"]."\",".
"graphics= \"".$_POST["graphics"]."\",".
"networkcard= \"".$_POST["networkcard"]."\",".
"software= \"".$_POST["software"]."\",".
"software2= \"".$_POST["software2"]."\",".
"software3= \"".$_POST["software3"]."\",".
"software4= \"".$_POST["software4"]."\",".
"software5= \"".$_POST["software5"]."\",".
"software6= \"".$_POST["software6"]."\",".
"software7= \"".$_POST["software7"]."\",".
"software8= \"".$_POST["software8"]."\",".
"software9= \"".$_POST["software9"]."\",".
"software10= \"".$_POST["software10"]."\",".
"license= \"".$_POST["license"]."\",".
"license2= \"".$_POST["license2"]."\",".
"license3= \"".$_POST["license3"]."\",".
"license4= \"".$_POST["license4"]."\",".
"license5= \"".$_POST["license5"]."\",".
"license6= \"".$_POST["license6"]."\",".
"license7= \"".$_POST["license7"]."\",".
"license8= \"".$_POST["license8"]."\",".
"license9= \"".$_POST["license9"]."\",".
"license10= \"".$_POST["license10"]."\",".
"license11= \"".$_POST["license11"]."\",".
"license12= \"".$_POST["license12"]."\",".
"license13= \"".$_POST["license13"]."\",".
"license14= \"".$_POST["license14"]."\",".
"license15= \"".$_POST["license15"]."\",".
"license16= \"".$_POST["license16"]."\",".
"license17= \"".$_POST["license17"]."\",".
"license18= \"".$_POST["license18"]."\",".
"license19= \"".$_POST["license19"]."\",".
"license20= \"".$_POST["license20"]."\",".
"location= \"".$_POST["location"]."\",".
"value= \"".$_POST["value"]."\",".
"value2= \"".$_POST["value2"]."\",".
"motherboard= \"".$_POST["motherboard"]."\"";
mysql_query($query);
mysql_close($db);
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

There are a couple ways of handling this problem. I believe you are looking for something along these lins but I would probably have an array of pre-defined input field names to make sure everything is where it is supposed to. You should have some form of validation done aswell if you are taking content directly from a form -- just to be safe. Never trust any content coming from the outside world. :wink:

Code: Select all

$sql = 'INSERT INTO `dedicated` SET ';

$i = 0;
foreach ($_POST as $fieldname => $value) {
  if (!empty($_POST[$fieldname])) {
    $sql .= '`\''.$fieldname.'` = \''.mysql_real_escape_string($value).'\'';
    if (count($_POST) != $i ? $sql .= ', ', '');
  }
  $i++;
}
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I've already given this example... Usually it goes like this:

Code: Select all

$allowed = ('col1', 'col2', 'col3');

foreach($allowed as $col)
{
  if (isset($_POST[$col]))
  {
    // add to query
  }
}
Post Reply