how i do wrong i want insert to db data from array:
$tabb = array(
'name' => 'test',
'login' => 'testt');
but i cant use SET, because end of query is char , .
public function insert($table, $values){
if($this->database){
print_r($values);
$we = 'INSERT INTO '. $table .' SET ';
foreach($values as $value => $key) {
$we .= ' ('. $value .' = "'. $key .'") ';
}
print $we;
mysql_query($we);
}
return true;
}
i do print $we:
INSERT INTO user SET (name = "test") (login = "testt")
not work, please help
php
I really recommend avoiding SET. It is far less common and given the choice between something which is uncommon and something which is common, always go with the common -- it means broader, faster, and better support by your community.
Here's how you'd approach that problem without it:
If you only have two columns in your USER table, you can simply use VALUES followed by a comma delineated list of data sets:
INSERT INTO user VALUES ("test","testt"),("test2","testt2")
Your function doesn't look like it is geared towards this, but it is a good thing to know either way.
But it looks like you are inserting by column name (a good idea in general):
INSERT INTO user (name, login) VALUES ("test","testt")
With PHP this becomes:
$items = array_map('mysql_real_escape_string', $values);
$items = '(\'' . implode( '\',\'', $items ) . '\')';
$q = 'INSERT INTO '.
$table .
// using implode with array_keys assumes that you know all of the keys
// ahead of time. If you don't, I MUST suggest your re-think your code
// omit the following line if you want to follow the first SQL example
' (' . implode( ',', array_keys( $values ) . ') '.
' VALUES ' .
$items;
public function insert($table, $values){
$fields = array();
$data = array();
foreach ($values as $key => $val) {
$fields[] = mysql_real_escape_string($key);
$data[] = mysql_real_escape_string($val);
}
$fields = implode(',', $fields);
$data = implode(',', $data)
$sql = "INSERT INTO $table ($fields) VALUES ($data);"
mysql_query($sql) or die(mysql_error());
}
public function insert($table, $values)
{
if($this->database)
{
print_r($values);
$we = 'INSERT INTO '. $table .' SET ';
$sep = '';
foreach($values as $value => $key)
{
$we .= $sep . ' ('. $value .' = "'. mysql_real_escape_string($key) .'") ';
$sep = ',';
}
print $we;
mysql_query($we);
}
return true;
}
Or, if you want to be tricky:
public function insert($table, $values)
{
if($this->database)
{
print_r($values);
$we = "insert into `".$table. "` (`". implode('`,`',array_keys($fields))."`) values ('".implode("','",array_map('mysql_real_escape_string', $fields))."');";
print $we;
mysql_query($we);
}
return true;
}
You need to seperate (name = "test") (login = "testt") with ", " between them (name = "test"), (login = "testt")
Another way is to do it is:
INSERT INTO user (name, login) VALUES ("test", "testt")
Related
Using this array:
$arr=array(
array('project','ProjectId','62c1553d'),
array('project','ProjectName','TEST JSON'),
array('Vendors','PrimeSpec','Fabspec'),
array('Vendors','VendorId','dd759c7f'),
array('Vendors','PrimeSpec','Vendor2'),
array('Vendors','VendorId','Vendor2ID'),
);
The desired result is:
INSERT INTO project (ProjectId,ProjectName) VALUES (62c1553d,'TEST JSON');
INSERT INTO Vendors (PrimeSpec,VendorId) VALUES ('Fabspec',dd759c7f);
INSERT INTO Vendors (PrimeSpec,VendorId) VALUES ('Vendor2',Vendor2ID);
But I'm losing PrimeSpec, Fabspec in the foreach loop - the output I'm getting is:
INSERT INTO project (ProjectId,ProjectName) VALUES (62c1553d,TEST JSON);
INSERT INTO Vendors (VendorId) VALUES (dd759c7f);
Here is my code:
function array2sql($arr){
$sql = '';
$fields = '';
$values = '';
$extable = $arr[0][0];
foreach( $arr as $line ) {
if ($extable == $line[0]) {
$fields .= $line[1].',';
$values .= $line[2].',';
} else {
$sql .= 'INSERT INTO ' . $extable . ' (' . rtrim($fields, ',') . ') VALUES (' . rtrim($values, ',') . ');';
$fields = '';
$values = '';
$extable = $line[0];
}
}
$sql .= 'INSERT INTO ' . $extable . ' (' . rtrim($fields, ',') . ') VALUES (' . rtrim($values, ',') . ');';
echo $sql;
return $arr;
}
array2sql($arr);
I don't understand why it's dropping the first set of data. Thanks for looking at this.
Consider the following simplified version of your array2sql function(using array_walk and array_column functions):
function array2sql($arr) {
$query_data = [];
$sql = "";
array_walk($arr, function($v) use(&$query_data) {
$query_data[$v[0]][$v[1]][] = $v[2];
});
foreach ($query_data as $table => $data) {
$keys = array_keys($data);
$key_string = implode(",", $keys);
$count = count($data[$keys[0]]); // number of values for a certain column
while ($count--) {
$value_string = "'". implode("','", array_column($data, $count)). "'";
$sql .= "INSERT INTO $table($key_string) VALUES($value_string);". PHP_EOL;
}
}
return $sql;
}
print_r(array2sql($arr));
The output:
INSERT INTO project(ProjectId,ProjectName) VALUES('62c1553d','TEST JSON');
INSERT INTO Vendors(PrimeSpec,VendorId) VALUES('Vendor2','Vendor2ID');
INSERT INTO Vendors(PrimeSpec,VendorId) VALUES('Fabspec','dd759c7f');
Seems to be resolved by changing the else statement to
$fields = $line[1].',';
$values = $line[2].',';
Try This
function array2sql($arr){
$sql = '';
$newArr = array();
foreach( $arr as $line ) {
$newArr[$line[0]][$line[1]] = $line[2];
}
foreach($newArr as $tblNam=>$value) {
$sql .= "INSERT INTO ".$tblNam." (`" . implode('`,`', array_keys($value)) . "`) VALUES ('" . implode("','", array_values($value)) . "') ";
}
echo $sql;
}
Because your tables are only receiving two columns of data each, array_chunk() can help to merge and prepare and compose the queries.
$arr=array(
array('project','ProjectId','62c1553d'),
array('project','ProjectName','TEST JSON'),
array('Vendors','PrimeSpec','Fabspec'),
array('Vendors','VendorId','dd759c7f'),
array('Vendors','PrimeSpec','Vendor2'),
array('Vendors','VendorId','Vendor2ID'),
);
// merge and prepare
foreach(array_chunk($arr,2) as $pair){
if(!isset($queries[$pair[0][0]]['columns'])){
$merge[$pair[0][0]]['columns']='`'.implode('`,`',array_column($pair,1)).'`';
}
$merge[$pair[0][0]]['values'][]="'".implode("','",array_column($pair,2))."'";
}
// compose queries
foreach($merge as $table=>$a){
$queries[$table]="INSERT INTO $table ({$a['columns']}) VALUES (".implode('),(',$a['values']).")";
}
print_r($queries);
/*
Array(
[project] => INSERT INTO project (`ProjectId`,`ProjectName`) VALUES ('62c1553d','TEST JSON')
[Vendors] => INSERT INTO Vendors (`PrimeSpec`,`VendorId`) VALUES ('Fabspec','dd759c7f'),('Vendor2','Vendor2ID')
)
*/
$mysqli->multi_query(implode(';',$queries));
while ($mysqli->next_result()) {;} // flush multi_queries
This method performs no escaping or security measures. If you want to use prepared statements and placeholders, a few modifications will be necessary.
For more details on how to write a full mysqli_multi_query() INSERT block, see this link: Strict Standards: mysqli_next_result() error with mysqli_multi_query
I have a script as below.
There are some values from $_POST to be inserted to database.
But it is not working.
Need your help.
<?
$field = array(Priority_Rank, Attending_Period, Priority_Point_Low, Priority_Point_High, Other_Consideration);
$fields = implode(',', $field);
$fieldpost = array();
for ($i=0; $i<count($field); $i++) {
$fieldpost[] = $_POST[$i]; }
$fieldposts = implode (',', $fieldpost);
$query1 = "INSERT INTO $maindb ($mainID, $fields) VALUES ('$seq',$fieldposts)";
mysql_query($query1); ?>
I found out that the problem is in VALUES(...,$fieldposts), because if I change the query become the below, it is working perfectly.
$query1 = "INSERT INTO $maindb ($mainID, $fields) VALUES ('$seq','$_POST[0]','$_POST[1]','$_POST[2]','$_POST[3]','$_POST[4]')";
But since this query will also be used by other script that have different quantity of $_POST, I really need them to be looped in this file.
Note: $field is located in the other file.
You need to do:
for ($i=0; $i<count($field); $i++) {
$fieldpost[] = "'" . mysql_real_escape_string($_POST[$i]) . "'";
}
so that the values will be enclosed in quotes and also be escaped properly.
Let's assume you have an array containing the lines to insert :
<?php
$lines = array(
array("Value 1A", "Value 2A", "Value 3A", "..."),
array("Value 1B", "Value 2B", "Value 3B", "..."),
array("Value 1C", "Value 2C", "Value 3C", "...")
// ...
);
First of all, you need to escape your values before insterting them in a query, especially if they come from the user ($_POST, etc.). mysql_real_escape_string() does that for you.
<?php
foreach ($lines as &$line) {
foreach ($line as &$value) {
$value = '\'' . mysql_real_escape_string($value) . '\'';
}
}
Then your build your individual value sets :
<?php
$sets = array();
foreach ($lines as $line) {
$sets[] = '(' . implode(', ', $line) . ')';
}
And only then you build your query
<?php
$query = 'INSERT INTO yourtable (field1, field2, field3) VALUES '
$query .= implode(', ', $sets)
mysql_query($query)
You can of course combine the two first loops, I only separated for the sake of explanation :
<?php
$sets = array();
foreach ($lines as $line) {
foreach ($line as &$value) {
$value = '\'' . mysql_real_escape_string($value) . '\'';
}
$sets[] = '(' . implode(', ', $line) . ')';
}
$query = 'INSERT INTO yourtable (field1, field2, field3) VALUES '
$query .= implode(', ', $sets)
mysql_query($query)
Try something like the following to ensure the field name posted is valid and the values correctly escaped.
$fields = array('column_a', 'column_b', 'column_c');
foreach($_POST as $name => $value) {
if (isset($fields[$name])) {
$columns[] = $fields[$name];
$values[] = "'" . mysql_real_escape_string($value) ."'";
}
}
if (! empty($columns)) {
$sql = sprintf('INSERT INTO %s (%s) (%S)', $tableName, implode(',', $columns), implode(',', $values));
}
Really you should be using parameter placeholders (?) for the values and prepare the statement with PDO or equivalent.
Okay this is going to be a little complex.
But right now i am using a homewritten function to create a query for creating inserting a page into the db.
And i was wondering if there was a smarter way to do a flexible "insert into" method.
The problem is that i have some fields which are optional to type in when creating a page so right now i am using this where i am running through all fields and checks whether they are set or not. :
//creates an Array which can be used to make a MySQL query
function createQueryArray($new) {
if (isset($this->users_id))
$this->query_array['users_id'] = mysql_real_escape_string($this->users_id);
if (isset($this->pagename))
$this->query_array['pagename'] = mysql_real_escape_string($this->pagename);
if (isset($this->seo_pagetitle))
$this->query_array['seo_pagetitle'] = mysql_real_escape_string($this->seo_pagetitle);
if (isset($this->seo_description))
$this->query_array['seo_description'] = mysql_real_escape_string($this->seo_description);
if (isset($this->seo_keywords))
$this->query_array['seo_keywords'] = mysql_real_escape_string($this->seo_keywords);
if (isset($this->seo_robots))
$this->query_array['seo_robots'] = mysql_real_escape_string($this->seo_robots);
if (isset($this->seo_canonical))
$this->query_array['seo_canonical'] = mysql_real_escape_string($this->seo_canonical);
if (isset($this->type))
$this->query_array['page_type'] = mysql_real_escape_string($this->type);
//$this->query_array['last_edited'] = date("Y-m-d H:i:s");
}
Afterwards i am calling this function with the array and the table i wanna insert the page into:
function createInsertStm($arr, $table) {
$mysqlQuery = ("INSERT INTO $table (");
$insert = "";
$values = "";
if (is_array($arr))
foreach ($arr as $key => $value) {
if ($insert == "")
$insert .= $key;
else
$insert .= ', ' . $key;
if ($values == "")
$values .= (preg_match('/(MAX\(id\))(.*?)/', $value)) ? $value : '"' . $value . '"';
else
$values .= (preg_match('/(MAX\(id\))(.*?)/', $value)) ? "," . $value : ',"' . $value . '"';
}
$mysqlQuery .= $insert;
$mysqlQuery .= ') VALUES (';
$mysqlQuery .= $values;
$mysqlQuery .= ')';
return $mysqlQuery;
}
$db->query($queryArray["pages"]);
Is it posible to use a prepared statement and then just skip some of the fields or something similar?
If you setup a default value in the table definition, then you can omit the value on insert.
Check the following page for more info on default values:
http://dev.mysql.com/doc/refman/5.0/en/data-type-defaults.html
Is there any way to make the below-given code reusable for different tables, e.g. using foreach? So, how to send and use arrays of column names and values? Any example is highly appreciated.
<?php
include_once 'include/DatabaseConnector.php';
if(isset($_POST['flightNum'])) {
$flightNum=$_POST['flightNum'];
$from=$_POST['from'];
$STADate=$_POST['STADate'];
$query = 'UPDATE flightschedule
SET frm="'.$from.'",STADate="'.$STADate.'"
WHERE flightNum="'.$flightNum.'"';
DatabaseConnector::ExecuteQuery($query);
echo '1';
} else {
echo '0';
}
?>
UPDATE: What if I don't know column names apriori? How to create flexible UPDATE statement?
you can convert your code into a reusable function. for example.
function updateDB($tableName, $flightNum, $from, $STADate) {
include_once 'include/DatabaseConnector.php';
$query = 'UPDATE ' . $tableName
SET frm="'.$from.'",STADate="'.$STADate.'"
WHERE flightNum="'.$flightNum.'"';
$execute = DatabaseConnector::ExecuteQuery($query);
return $execute;
}
and to use it
if(isset($_POST['flightNum']) {
$update = updateDB('flightschedule', $_POST['flightNum'], $_POST['from'], $_POST['STADate']);
echo $update;
}
Update:
I want to send an array of column names to the function 'updateDB'.
Let's say these are column names for SET and WHERE parts of UPDATE
statement. And then I could use FOREACH, but I need some example for
this.
this is how you can do it.
function updateDB($tableName, $columns, $where) {
//do some validation here to check if proper data is being passed like
if(!isarray($columns)) {
throw new Exception('argument two $columns should be an associative array');
}
include_once 'include/DatabaseConnector.php';
$query = 'UPDATE ' . $tableName;
foreach($columns as $column => $data) {
$query .= ' SET ' . $column . ' = ' . $data . ', ';
}
//remove last comma from the update query string
$query = substr($query, 0, -1);
$query .= ' WHERE ' . $where['column'] . ' = ' . $where['value'];
$execute = DatabaseConnector::ExecuteQuery($query);
return $execute;
}
and to use it.
if(isset($_POST['flightNum']) {
$columns = array(
'frm' => $_POST['frm'],
'STADate' => $_POST['STADate']
);
$where = array(
'column'=> 'flightNum',
'value' => $_POST['flightNum']
);
$update = updateDB('flightschedule', $columns, $where);
echo $update;
}
Something like this should work:
function generateUpdateQuery($table, $fields, $where) {
$updateFields = array();
foreach ($fields as $k => $v) {
$updateFields[] = $k.' = \''.$v.'\'';
}
$sqlQuery = 'UPDATE '.$table.
' SET '.implode(', ', $updateFields).
' WHERE '.implode(' AND ', $where);
return $sqlQuery;
}
echo generateUpdateQuery('table_name',
array(
'field_a' => '10',
'field_b' => 'hello',
'field_c' => 'world'),
array(
'id=12',
'datetime > NOW()')
);
Keep in mind that this is a simple example without any security check. Something like PDO would be recommended.
Moreover, if you're looking for something more robust and flexible you should give a look to a ORM system, like Doctrine
So I'm trying to create a function that generates a SQL query string based on a multi dimensional array.
Example:
function createQueryString($arrayToSelect, $table, $conditionalArray) {
$queryStr = "SELECT ".implode(", ", $arrayToSelect)." FROM ".$table." WHERE ";
$queryStr = $queryStr.implode(" AND ",$conditionalArray); /*NEED HELP HERE*/
return $queryStr;
}
$columnsToSelect = array('ID','username');
$table = 'table';
$conditions = array('lastname'=>'doe','zipcode'=>'12345');
echo createQueryString($columnsToSelect, $table, $conditions); /*will result in incorrect SQL syntax*/
as you can see I need help with the 3rd line as it's currently printing
SELECT ID, username FROM table WHERE
lastname AND zipcode
but it should be printing
SELECT ID, username FROM table WHERE
lastname = 'doe' AND zipcode = '12345'
You're not actually imploding a multidimensional array. $conditions is an associative array.
Just use a foreach loop inside your function createQueryString(). Something like this should work, note it's untested.:
$terms = count($conditionalArray);
foreach ($conditionalArray as $field => $value)
{
$terms--;
$queryStr .= $field . ' = ' . $value;
if ($terms)
{
$queryStr .= ' AND ';
}
}
Note: To prevent SQL injection, the values should be escaped and/or quoted as appropriate/necessary for the DB employed. Don't just copy and paste; think!
function implodeItem(&$item, $key) // Note the &$item
{
$item = $key . "=" . $item;
}
[...]
$conditionals = array(
"foo" => "bar"
);
array_walk($conditionals, "implodeItem");
implode(' AND ', $conditionals);
Untested, but something like this should work. This way you can also check if $item is an array and use IN for those cases.
You will have to write another function to process the $conditionalArray, i.e. processing the $key => $value and handling the types, e.g. applying quotes if they're string.
Are you just dealing with = condition? What about LIKE, <, >?
Forgive me if its not too sexy !
$data = array('name'=>'xzy',
'zip'=>'3432',
'city'=>'NYK',
'state'=>'Alaska');
$x=preg_replace('/^(.*)$/e', ' "$1=\'". $data["$1"]."\'" ',array_flip($data));
$x=implode(' AND ' , $x);
So the output will be sth like :
name='xzy' AND zip='3432' AND city='NYK' AND state='Alaska'
I'd advise against automated conditionals creation.
Your case is too local, while there can be many other operators - LIKE, IN, BETWEEN, <, > etc.
Some logic including several ANDs and ORs.
The best way is manual way.
I am always doing such things this way
if (!empty($_GET['rooms'])) $w[]="rooms='".mesc($_GET['rooms'])."'";
if (!empty($_GET['space'])) $w[]="space='".mesc($_GET['space'])."'";
if (!empty($_GET['max_price'])) $w[]="price < '".mesc($_GET['max_price'])."'";
Though if you still want it with this simple array, just iterate it using
foreach ($conditions as $fieldname => $value)...
and then combine these variables in the way you need. you have 2 options: make another array of this with field='value' pairs and then implode it, or just concatenate, and substr trailing AND at the end.
I use a variation of this:
function implode_assoc($glue,$sep,$arr)
{
if (empty($glue)) {$glue='; ';}
if (empty($sep)) {$sep=' = ';}
if (is_array($arr))
{
foreach ($arr as $k=>$v)
{
$str .= $k.$sep.$v.$glue;
}
return $str;
} else {
return false;
}
};
It's rough but works.
Here is a working version:
//use: implode_assoc($v,"="," / ")
//changed: argument order, when passing to function, and in function
//output: $_FILES array ... name=order_btn.jpg / type=image/jpeg / tmp_name=G:\wamp\tmp\phpBDC9.tmp / error=0 / size=0 /
function implode_assoc($arr,$glue,$sep){
$str = '';
if (empty($glue)) {$glue='; ';}
if (empty($sep)) {$sep=' = ';}
if (is_array($arr))
{
foreach ($arr as $key=>$value)
{
$str .= $key.$glue.$value.$sep;
}
return $str;
} else {
return false;
}
}
I know this is for the case of a pdo mysql type.. but what i do is build pdo wrapper methods, and in this case i do this function that helps to build the string, since we work with keys, there is no possible way to mysql inject, since i know the keys i define / accept manually.
imagine this data:
$data=array(
"name"=>$_GET["name"],
"email"=>$_GET["email"]
);
you defined utils methods...
public static function serialize_type($obj,$mode){
$d2="";
if($mode=="insert"){
$d2.=" (".implode(",",array_keys($obj)).") ";
$d2.=" VALUES(";
foreach ($obj as $key=>$item){$d2.=":".$key.",";}
$d2=rtrim($d2,",").")";}
if($mode=="update"){
foreach ($obj as $key=>$item){$d2.=$key."=:".$key.",";}
}
return rtrim($d2,",");
}
then the query bind array builder ( i could use direct array reference but lets simplify):
public static function bind_build($array){
$query_array=$array;
foreach ($query_array as $key => $value) { $query_array[":".$key] = $query_array[$key]; unset($query_array[$key]); } //auto prepair array for PDO
return $query_array; }
then you execute...
$query ="insert into table_x ".self::serialize_type( $data, "insert" );
$me->statement = #$me->dbh->prepare( $query );
$me->result=$me->statement->execute( self::bind_build($data) );
You could also go for an update easy with...
$query ="update table_x set ".self::serialize_type( $data, "update" )." where id=:id";
$me->statement = #$me->dbh->prepare( $query );
$data["id"]="123"; //add the id
$me->result=$me->statement->execute( self::bind_build($data) );
But the most important part here is the serialize_type function
Try this
function GeraSQL($funcao, $tabela, $chave, $valor, $campos) {
$SQL = '';
if ($funcao == 'UPDATE') :
//Formata SQL UPDATE
$SQL = "UPDATE $tabela SET ";
foreach ($campos as $campo => $valor) :
$SQL .= "$campo = '$valor', ";
endforeach;
$SQL = substr($SQL, 0, -2);
$SQL .= " WHERE $chave = '$valor' ";
elseif ($funcao == 'INSERT') :
//Formata SQL INSERT
$SQL = "INSERT INTO $tabela ";
$SQL .= "(" . implode(", ", array_keys($campos) ) . ")";
$SQL .= " VALUES ('" . implode("', '", $campos) . "')";
endif;
return $SQL;
}
//Use
$data = array('NAME' => 'JOHN', 'EMAIL' => 'J#GMAIL.COM');
GeraSQL('INSERT', 'Customers', 'CustID', 1000, $data);