On 13 April 2010 00:04, Gary <gwpaul@xxxxxxx> wrote:
> For those that were looking to see a solution, this is what I have come up
> with. It was pointed out on another board (MySQL) that inserting multiple
> in one script is probably prohibited because of security reasons.
>
> What I did was open the connection, insert into the table, close the
> connection, close the php script, then start over again. This is the code:
>
> $dbc=mysqli_connect('localhost','root','','test')or die('Error connecting to
> MySQL server');
>
> $query="INSERT INTO name(fname, lname)"."VALUES('$fname','$lname')";
>
> $result=mysqli_query($dbc, $query)
> or die('Error querying database.');
>
> mysqli_close($dbc);
> ?>
>
> <?php
>
> $dbc=mysqli_connect('localhost','root','','test')or die('Error connecting to
> MySQL server');
> $query="INSERT INTO address (street, town, state,
> zip)"."VALUES('$street','$town','$state','$zip')";
>
> $result=mysqli_query($dbc, $query)
> or die('Error querying database.');
>
> mysqli_close($dbc);
>
> ?>
>
> It seems a little redundant for PHP, however it seems to work.
>
> Thank you to everyone that responded. If by the way someone sees an issue
> with this solution, I would love to read it.
Off the top of my head: just reuse the connection. There's no need to
close it, then reopen it. The only security problem you're facing is
that you cannot send multiple queries in *the same string*[1]. So send
the queries one by one, but in the same script, using the same
connection.
1. The reason this is a security concern is that otherwise, should
someone manage to inject sql into your query, they could drop in a
semi-colon and then start a new query. By not allowing this, a lot of
bad injections are by default ruled out.
--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
</hype>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
