Re: pg_insert tyro question

This is tenuous and insecure; you have no control over the $_POST array, only
the submitting page does. I'd do a sanity check and assign the values needed
into another array before submitting to the database.

This is also primed for a SQL injection attack.

Bad idea.. IMHO.. 

-Micah 

On Monday 22 August 2005 3:52 pm, Jon Crump wrote:
> Thanks mike! that did the trick. This works:
>
> array_pop($_POST);
> /* this gets rid of the last element of $_POST which is 'addentry' from
> the form's submit button. $_POST now contains ONLY the values expected by
> pg_insert. By the way, the order of the values in $_POST does not seem to
> matter, only that there are exactly as many as there are columns in the
> table and their names match the columns exactly.*/
>
> $res = pg_insert($db, 'foo', $_POST);
> if ($res) {
>  	echo "You're a Genius";
> } else {
>  	print pg_last_error ($db);
>  	exit;
> }
>
> On Mon, 22 Aug 2005, mike burnard wrote:
> > It very likely is the error.  you can use array_pop($_POST); to remove
> > that last line.  You can always have your insert function return an error
> > on failure. <snip />
>
> By the way Bastian and John, thanks for responding to my pg_connect
> question some days ago. Installing Marc Liyanage's distribution did the
> trick!
>
> Thanks too to Bastian and Micah.
>
> > Or if you need to store all the values, you could normalize the table field
> > into another table.
>
> -Micah
>
> On Monday 22 August 2005 3:19 pm, Bastien Koert wrote:
> > To further append the previous note,
> >
> > if you want to insert the array, you need to serialize it
> > (www.php.net/serialize) to make the array db safe
> >
> > if you want to insert the individual specific values, you will need to
> > implode the array with separators (and check the data in the correct order
> > for the field list) or you will need to supply a field list that matches
> > the array list to ensure the data elements are placed into the correct
> > columns
> >
> > Bastien
>
> I'm not sure what any of this means, but it didn't turn out to be
> necessary.
>
> Jon

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
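
Added example, not part of the original thread: one way to do the sanity check described in the reply above, copying only expected, validated fields out of the request into a separate array before anything reaches the database. The columns `name` and `year` for table `foo`, the validation rules, and the helper names `clean_row` and `insert_foo` are assumptions made for illustration.

```php
<?php
// Assumed columns of table 'foo' and a validation rule for each (hypothetical).
const FOO_COLUMNS = [
    'name' => ['filter' => FILTER_VALIDATE_REGEXP,
               'options' => ['regexp' => '/^[\p{L} .\'-]{1,80}\z/u']],
    'year' => ['filter' => FILTER_VALIDATE_INT,
               'options' => ['min_range' => 1, 'max_range' => 9999]],
];

// Build the row from the spec, not from the request: unknown keys are
// ignored, missing keys and array-valued fields (name[]=...) are rejected.
function clean_row(array $input, array $spec): array
{
    $row = [];
    foreach ($spec as $column => $rule) {
        if (!array_key_exists($column, $input) || !is_string($input[$column])) {
            throw new InvalidArgumentException("missing or non-string field: $column");
        }
        $value = filter_var($input[$column], $rule['filter'],
                            ['options' => $rule['options']]);
        if ($value === false) {
            throw new InvalidArgumentException("invalid value for field: $column");
        }
        $row[$column] = $value;
    }
    return $row; // keys come only from $spec, never from the client
}

// Fixed statement text; the values travel as bound parameters.
// $db is a connection from pg_connect(), which is not opened in this example.
function insert_foo($db, array $row)
{
    return pg_query_params(
        $db,
        'INSERT INTO foo (name, year) VALUES ($1, $2)',
        [$row['name'], $row['year']]
    );
}

// Constructed request data: the submit button plus a field the form never had.
$post = ['name' => 'Ada', 'year' => '1843', 'addentry' => 'Add', 'is_admin' => 't'];
$row = clean_row($post, FOO_COLUMNS);
var_export($row); // only 'name' and 'year' survive, with 'year' cast to int
```

Because the row is built from the column list, extra or renamed form fields never become column names, and `array_pop($_POST)` is no longer needed to drop the submit button.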

