How to build a dynamic MySQL INSERT statement with PHP

Question 1

How to build a dynamic MySQL INSERT statement with PHP

php mysql post show implode

Michal · Jul 31, 2013 · Viewed 13.8k times · Source

Answer

Answer

Because you're not inserting ALL columns, you need to dynamically build an insert statement that will specify the columns you're inserting into.

First, create an array of the columns you want to use. Use this both to generate your form and to retrieve the values

$exclude = array("id", "nameandsurname", "departument", "phone", "computer", "date");
$result = mysql_query("SHOW COLUMNS FROM employees") or   die(mysql_error());
$columns = array();
while ($row = mysql_fetch_array($result)) {
    if (!in_array($row[0], $exclude) {
        $columns[] = $row[0];
    }
}

Render your form from the $columns array:

foreach ($columns as $column) {
    echo '<tr><td bgcolor="#ddddff">'.$column.'<br />';
    if (stripos($column, "privileges") !== false) {
        echo '<p><a class="hint" href="#">
                <input type="text" name="'.$column.'">
                <span>Privileges like "occupation" or "like  someone"</span></a>';
    } else {
        echo '<select name="'.$column.'">
                <option value = "No">No
                <option value = "Yes">Yes
              </select>';
    }
    echo '</td></tr>';
}

Then, dynamically build your INSERT string from the posted values for those columns. Be sure to protect against SQL injection:

$keys = array();
$values = array();
foreach ($columns as $column) {
    $value = trim($_POST[$column]);
    $value = mysql_real_escape_string($value);
    $keys[] = "`{$column}`";
    $values[] = "'{$value}'";
}
$query = "INSERT INTO 'employees' (" . implode(",", $keys) . ") 
          VALUES (" . implode(",", $values) . ");";

Note: this will work better if you select from INFORMATION_SCHEMA.COLUMNS so that you can know the type of column you're inserting into. That way, you won't have to quote everything.

Question 2

Hello

This part of a form is showing columns names from mysql table (names of applications installed on a computer) and creating a form with YES/NO option or input type="text" box for additional privileges to a application..

How can I insert it back to a mysql table using POST and mysql_query INSERT INTO?????
Quantity of columns is changing because there is another form for adding applications with/without privileges..

<tr bgcolor=#ddddff>';

//mysql_query for getting columns names
$result = mysql_query("SHOW COLUMNS FROM employees") or   die(mysql_error());   
while ($row = mysql_fetch_array($result))
{
    //exclude these columns bcs these are in other part of form
    if($row[0] == 'id' || $row[0] == 'nameandsurname' || $row[0] == 'department' 
            || $row[0] == 'phone' || $row[0] == 'computer'  || $row[0] == 'data') 
        continue;
    echo '<td bgcolor=#ddddff>'.$row[0].'<br />';

    if (stripos($row[0], "privileges") !== false) {
        echo '<td bgcolor=#ddddff><p><a class=hint href=#>
            <input type="text" name="'.$row[0].'">
            <span>Privileges like "occupation" or "like  someone"</span></a></p></td></tr>';
    }
    else
    {
        echo '<td bgcolor=#ddddff align=center><select name="'.$row[0].'">
            <option value = "No">No
            <option value = "Yes">Yes
            </td>
            </tr>';
    }
}

trim($_POST); // ????

$query = "INSERT INTO 'employees' VALUES (??)";  // ????

How to build a dynamic MySQL INSERT statement with PHP

Answer

Related questions