Jon Anderson wrote: > This may not be an option for many people, 'cause ISPs and web hosts may > not be forward-thinking enough to install PDO or recent PHP, but... > > PDO can do do this in a very database independant way, without having to > do the equivalent of "mysql_real_escape_string": > > $table = 'xyz'; > $data = array( > 'Field1' => "Data1", > 'Field2' => "Data2" > ); > > $fields = implode(',',array_keys($data)); > $placeholders = ':' . implode(',:',array_keys($data)); > $stmt = $dbh->prepare("INSERT INTO $table ($fields) > VALUES($placeholders)"); > $stmt->execute($data); > > With the added bonus that you can insert multiple rows quickly without > having to rebuild any queries... > > $stmt->execute($data1); > $stmt->execute($data2); > ... > $stmt->execute($dataN); > > (And PDO is super-fast compared to some other similar PHP-based libraries.) unless your using firebird (http://php.net/ibase), in which case PDO is useless. not that that matters because the ibase extension does this (and has done this for longer than PDO has existed) natively (as in the DB engine does the real parameter related lifting, as opposed to some php extension - no offence to php devs but I'd rather entrust this to the people who developed the data base engine) and additionally the ibase extension is much more intuitive when it comes parameterized queries. $res = ibase_query('INSERT INTO foo (first, last) VALUES (?, ?)', $first, $last); [no that wasn't very helpful was it :-P] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php