Now that you mention it, I do use such a function.
Here's my code:
PHP Code:
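function sql_insert($table, $fields)
{
    // $table and the field names go into the query as-is, so they must be
    // fixed by the calling code and never taken from user input.
    $qfields = array();
    $qvalues = array();
    if (is_array($fields) && !empty($fields)) {
        foreach ($fields as $field => $value) {
            // Skip numerically indexed entries; only named fields are inserted.
            if (!is_int($field)) {
                $qfields[] = $field;
                // Escape and quote every value for MySQL.
                $qvalues[] = "'".mysql_real_escape_string($value)."'";
            }
        }
        // Nothing to insert if every key was numeric.
        if (empty($qfields)) {
            return false;
        }
        return mysql_query('INSERT INTO '.$table.' ('.implode(', ', $qfields).') VALUES ('.implode(', ', $qvalues).')');
    }
    return false;
}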
$fields is of the form
PHP Code:
$fields['fieldname'] = 'value';
Be aware this code needs unslashed data and then adds proper slashing for mysql itself.
There are several reasons why I don't allow PHP auto-slashed values.
One of them is magic_quotes_sybase=On which makes addslashes() pretty useless.
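
For comparison, an added example that is not part of the original post: the same helper written against PDO, binding values as parameters instead of escaping them and checking the table and column names against an allowlist. The `$allowed` map, the `users` table and the in-memory SQLite connection are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Values are bound as parameters, so
// no slashing or unslashing is involved; identifiers cannot be bound, so
// they are checked against an allowlist supplied by the calling code.
function sql_insert(PDO $pdo, string $table, array $fields, array $allowed): bool
{
    // $allowed has the (assumed) shape ['table' => ['column', ...]].
    if (!isset($allowed[$table])) {
        return false;
    }
    $cols = [];
    $vals = [];
    foreach ($fields as $field => $value) {
        if (is_int($field)) {
            continue; // same rule as the original: skip numeric keys
        }
        if (!in_array($field, $allowed[$table], true)) {
            return false; // unknown column name: refuse the whole insert
        }
        $cols[] = $field;
        $vals[] = $value;
    }
    if ($cols === []) {
        return false; // nothing to insert
    }
    $marks = implode(', ', array_fill(0, count($cols), '?'));
    $sql = 'INSERT INTO ' . $table . ' (' . implode(', ', $cols) . ') VALUES (' . $marks . ')';
    return $pdo->prepare($sql)->execute($vals);
}

// Constructed demo data: in-memory SQLite, so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT, note TEXT)');
$allowed = ['users' => ['name', 'note']];

// Quotes and backslashes in values are stored exactly as given.
var_dump(sql_insert($pdo, 'users', ['name' => "O'Brien", 'note' => 'a\\b'], $allowed));
// A key that is not a known column is rejected before any SQL is built.
var_dump(sql_insert($pdo, 'users', ['name, note' => 'x'], $allowed));
// A table outside the allowlist is rejected as well.
var_dump(sql_insert($pdo, 'accounts', ['name' => 'x'], $allowed));
var_dump($pdo->query('SELECT name, note FROM users')->fetchAll(PDO::FETCH_ASSOC));
```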