1. 首頁
  2. 問答
  3. 改進此插入類函數php

改進此插入類函數php

2011-09-28 72 views
1

我討厭鍵入INSERT查詢,你總是錯過某些東西,並得到語法錯誤。因此,我想創建自己的功能,讓我這樣做。這是我到目前爲止:改進此插入類函數php

$data['test'] = array('username' => 'john', 
       'password' => 'hello', 
       'userlevel' => '__d'); 

$table = 'users'; 

$numItems = count($data['test']); 
$i = 0; 

$sql = "INSERT INTO " . $table . "(". implode(", ", array_keys($data['test'])) .")"; 


$sql .= " VALUES ("; 

foreach ($data['test'] as $value) { 

    if ($i+1 == $numItems and $value == '__d') { 
     $sql .= "" . 'NOW()' . ")"; 
    } else if ($i+1 == $numItems) { 
     $sql .= "'" . $value . "')"; 
    } else if ($value == '__d') { 
     $sql .= "" . 'NOW()' . ", "; 
    } else { 
     $sql .= "'" . $value . "', "; 
    } 

      $i++; 


} 

echo $sql;

恩,是的。有關如何改進此代碼的任何提示?

來源

2011-09-28 John

+1

你需要逃避你的值來防止SQL注入:HTTP:// PHP .net/manual/en/security.database.sql-injection.php –

+0

我不這樣做,在數據庫類功能。我這樣做,外面:) – John

+0

這是工作代碼? – Herbert

回答

1 
<?php 
//test data 
$columns = array(
    'username'=>'john', 
    'password'=>'hello', 
    'userlevel'=>1, 
    'date'=>'__d' 
); 
$table = 'users'; 

// replace keys and values with SQL delimeters 
foreach($columns as $k=>$v) { 
    unset($columns[$k]); 

    if ($v != '__d' && !is_int($v)) 
     $v = "'$v'"; 

    if ($v == '__d') 
     $v = 'NOW()'; 

    $columns["`$k`"] = $v; 
} 

// create the query 
$sql = sprintf('INSERT INTO %s (%s) VALUES (%s)', 
      $table, 
      implode(",", array_keys($columns)), 
      implode(",", $columns) 
     ); 

echo $sql; 
?>

輸出:

INSERT INTO users (`username`,`password`,`userlevel`,`date`) VALUES ('john','hello',1,NOW())

來源

2011-09-28 14:46:43 Herbert

0 
$columns = array('username'=>'john', 'password'=>'hello', 'userlevel'=>1, 'date'=>$date); 
$table = 'users'; 

//function here 
$sql = "INSERT INTO " . $table . "(". implode(",", array_keys($columns)) .") VALUES ('". implode(",", $columns) ."')"; 

mysql_query($sql);

來源

2011-09-28 13:59:46 mahadeb

+0

如何在sql語句中插入__d到Now()作爲它的sql語句函數,我無法使用''。 – John

+0

啊,我想我現在有了一個想法來改善這一點。 – John

1

的sprintf可以讓事情變得更易讀

$columns = array('username'=>'john', 'password'=>'hello', 'userlevel'=>1, 'date'=>$date); 
$table = 'users'; 

$sql = sprintf(
    "insert into %s(%s) values(%s)", 
    $table, 
    implode(',', array_keys($columns)), 
    implode(',', array_map(function($v){ return ':'.$v; }, array_keys($columns))) 
); 

$stmnt = $pdo->prepare($sql); 
foreach($columns as $column => $value) { 
    $stmnt->bindValue(':'.$column, $value); 
} 
$stmnt->execute();

來源

2011-09-28 14:38:19 Galen

相關問題

 相關問題