I agree, you must be careful of SQL injection... use
mysql_real_escape_string().
To chop off the last character of text use substr():
$sqlstruct = substr($sqlstruct, 0, -1);
Jordan
http://www.php.net/substr
Example 3. Using a negative length
<?php
$rest = substr("abcdef", 0, -1); // returns "abcde"
$rest = substr("abcdef", 2, -1); // returns "cde"
$rest = substr("abcdef", 4, -4); // returns ""
$rest = substr("abcdef", -3, -1); // returns "de"
?>
On Aug 20, 2005, at 4:55 PM, Greg Donald wrote:
On 8/20/05, Andras Kende <andras@xxxxxxxxx> wrote:
I would like to create the mysql insert query for my html form
fields,
I have a small problem it will have an extra , at the end of
$sqlstruct
And extra "" at $sqldata..
Anyone can give a hint ?
////////////
foreach ($_POST as $variable=>$value){
$sqlstruct.=$variable",";
$sqldata.=$value."\"','\"";
}
$query="insert into db ($sqlstruct) VALUES ($sqldata)";
$k = implode( ',', array_keys( $_POST ) );
$v = implode( ',', array_values( $_POST ) );
$sql = "INSERT INTO db ( $k ) VALUES ( $v )";
I'd never do something like this though, just begs for SQL injection.
--
Greg Donald
Zend Certified Engineer
MySQL Core Certification
http://destiney.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
