I certainly agree with that, Micah. array_pop only removes that last
item. If you are in an open environment you definitely want to
include security checks and form validation.
-mike
On Aug 22, 2005, at 4:07 PM, Micah Stevens wrote:
This is tenuous and insecure, you have no control over the $_POST array,
only the submitting page does, I'd do a sanity check, and assign the values
needed into another array before submitting to the database.
This is also primed for a SQL injection attack.
Bad idea.. IMHO..
-Micah
On Monday 22 August 2005 3:52 pm, Jon Crump wrote:
Thanks mike! that did the trick. This works:
array_pop($_POST);
/* this gets rid of the last element of $_POST which is 'addentry' from
the form's submit button. $_POST now contains ONLY the values expected by
pg_insert. By the way, the order of the values in $_POST does not seem to
matter, only that there are exactly as many as there are columns in the
table and their names match the columns exactly.*/
$res = pg_insert($db, 'foo', $_POST);
if ($res) {
    echo "You're a Genius";
} else {
    print pg_last_error($db);
    exit;
}
On Mon, 22 Aug 2005, mike burnard wrote:
It very likely is the error. You can use array_pop($_POST); to remove
that last line. You can always have your insert function return an error
on failure. <snip />
By the way Bastian and John, thanks for responding to my pg_connect
question some days ago. Installing Marc Liyanage's distribution did the
trick!
Thanks too to Bastian and Micah.
Or if you need to store all the values, you could normalize the table
field into another table.
-Micah
On Monday 22 August 2005 3:19 pm, Bastien Koert wrote:
To further append the previous note,
if you want to insert the array, you need to serialize it
(www.php.net/serialize) to make the array db safe
if you want to insert the individual specific values, you will need to
implode the array with separators (and check the data in the correct order
for the field list) or you will need to supply a field list that matches
the array list to ensure the data elements are placed into the correct
columns
Bastien
I'm not sure what any of this means, but it didn't turn out to be necessary.
Jon
--
PHP Database Mailing List (http://www.php.net/)
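
Micah's suggestion above (sanity-check the input and copy only the needed values into another array before touching the database), as an added example that is not part of the original thread. The columns name and year, their validation rules, and the helper names clean_entry and insert_entry are assumptions, since the thread never lists the columns of foo; pg_query_params is used here in place of pg_insert so that values are bound as parameters.

```php
<?php
// Added example, not from the thread. The columns 'name' and 'year' and their
// rules are hypothetical: the thread never lists the columns of table 'foo'.
const FOO_FIELDS = [
    'name' => ['filter'  => FILTER_VALIDATE_REGEXP,
               'options' => ['regexp' => '/^[\p{L} .\'-]{1,64}$/u']],
    'year' => ['filter'  => FILTER_VALIDATE_INT,
               'options' => ['min_range' => 1, 'max_range' => 2100]],
];

// Copy only the expected fields out of $input, validating each one.
// Anything else the client sent (submit button, extra keys) is ignored.
function clean_entry(array $input, array $fields = FOO_FIELDS): array
{
    $clean = [];
    foreach ($fields as $name => $rule) {
        if (!isset($input[$name]) || !is_string($input[$name])) {
            throw new InvalidArgumentException("missing or non-string field: $name");
        }
        $value = filter_var(trim($input[$name]), $rule['filter'],
                            ['options' => $rule['options']]);
        if ($value === false) {
            throw new InvalidArgumentException("invalid value for field: $name");
        }
        $clean[$name] = $value;
    }
    return $clean; // keys come from $fields, never from the client
}

// Column names come from FOO_FIELDS; values travel as bound parameters.
function insert_entry($db, array $post)
{
    $row   = clean_entry($post);
    $cols  = implode(', ', array_keys($row));
    $marks = implode(', ', array_map(fn($i) => '$' . $i, range(1, count($row))));
    return pg_query_params($db, "INSERT INTO foo ($cols) VALUES ($marks)",
                           array_values($row));
}

// Constructed input standing in for $_POST: the two expected fields, the
// submit button from the thread, and one key the form never had.
$post = ['name' => 'Jon Crump', 'year' => '2005', 'addentry' => 'Add', 'is_admin' => 't'];
var_dump(clean_entry($post));
try { // constructed value that fails the 'name' rule
    clean_entry(['name' => "x'); DROP TABLE foo; --", 'year' => '2005']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

With this approach the array_pop call is no longer needed, because the submit button's key is simply never copied.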