1

I have a $_POST array and I am trying to code an insert into a MySQL database without having to list through all the field names.

The array is a single row that needs to be inserted into the database.

The array looks like this:

Array
(
    [membership_type] => 4
    [title] => Mr
    [first_name] => John
    [last_name] => Smith
    [known_as] => John
    [address_1] => 10 High Street
    [address_2] => Big House
    [address_3] => Big Road
    [address_4] => Chipping Sodbury
    [address_5] => Bristol
    [post_code] => BS37 1AB
    [home_tel] => 01454 123456
    [mobile] => 07777 123456
    [email] => [email protected]
    [confirm_email] => [email protected]
    [day_dob] => 21
    [month_dob] => 09
    [year_dob] => 1974
    [volunteer] => on
    [employment_status] => employed
    [college_nus] => 
    [employment_address] => 50 Station Road
Chipping Sodbury
Bristol
BS37 2CD
    [occupation] => Managerial/Professional
    [employement_email] => [email protected]
    [employement_phone] => 01454 654321
    [terms] => 1
)

I have coded the form field names to correspond with the field names in the database for ease.

Many thanks,

John

Improve this question
6
  • This feels like a bad idea. How will you handle validation on a per-field level if you're just iterating over the fields and inserting whatever data the user provided? Commented May 1, 2016 at 7:25
  • @MattRaines The form is using Foundations data-abide so all the validation is being done before the form is submitted. Commented May 1, 2016 at 7:26
  • This post may help you stackoverflow.com/questions/19665981/… Commented May 1, 2016 at 7:27
  • 1
    I don't know Foundations but it looks like a client-side validation. If you follow any of the answers here or to the linked question you'll want to be absolutely certain the user didn't provide a form field called id) VALUES(1, 2, 3, 4, 5, ...); DROP TABLE Students; -- Commented May 1, 2016 at 7:46
  • @smnvhn - I tried the code from that post and get a Fatal error: Call to undefined function insert_data() error on the 4th line of the answer code: insert_data($mysqli, $array, $table_name); Commented May 1, 2016 at 7:47

2 Answers 2

Reset to default
3

you can use this method :

NOTE :i use PDO

first connect to DB like:

$connection = new PDO('mysql:host=' . yourHost . ';dbname=' . youDbName . ';charset=utf8', DBUser, Dbpass);

$data=$_POST;
  $bind = ':' . implode(',:', array_keys($data));
        $field = explode(",", $bind);
        $returnQuery = "INSERT INTO `tableName` (" . implode(",", array_keys($data)) . ") VALUES (" . $bind . ") ";
        $bind = $connection ->prepare($returnQuery);
        $bind->execute(array_combine($field, array_values($data)));

hope this help

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

@mohshenshakibafar - tried the PDO method and get the following error - Fatal error: Using $this when not in object context in....
hmm, i fix this problem for you :)
@mohshenshakibafar - included the connection string and now get - Fatal error: Using $this when not in object context in...
@JohnHiggins , Are you sure you copy all code above and change variable and constant to your database ?(like:yourhost must change to localhost or ...)
@mohshenshakibafar- This is the connection string I am using: $connection = new PDO('mysql:host=10.10.10.10;dbname=database', user, password);
|
0

You may need something like:

<?php
$query = "";
if(isset($_POST)){
    foreach( $_POST as $key => $val ) {
    $query .= " `$key`='$val', ";
    }
$query = preg_replace('/,$/', '', $query); // removes the last comma
}
//$query: `name`='pedro', `email`='[email protected]'
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.