Is there a better way to insert values to MySQL query than just VALUES($var1, $var2, $var3)?
Question
I just have the array of 15 values that all need to be inserted into the table. And I was just wondering if there is anything like this:
INSERT INTO table VALUES($myarrayofvalues)
Just curious, would be very useful.
Update:
Just one row with 15 columns.
2 answers
solution1
3 ACCPTED 2012-04-05 02:36:17
$query = "INSERT INTO table VALUES('" . implode("', '", $myarrayofvalues) . "')";
Edit :
If you haven't done your escaping yet, you can do that in a tiny loop before the above statement, something like:
foreach($myarrayofvalues as $k=>$v)
$myarrayofvalues[$k] = mysql_real_escape_string($v);
solution2
0 2012-04-05 02:41:31
While you can do what's show in the answer by Rick , it is open to SQL injection.
There is really no good way to do this without some kind of column mapping. That is something to state element 1 is a string, element 2 is an integer.
As such, I see two choices:
Escape everything
$values = array(); foreach ($myarrayofvalues as $value) { $column[].= "'". mysql_real_escape_string($value). "'"; } $sql = "INSERT INTO table VALUES(". implode(',', $values). ")";Write the complete SQL statement
$sql = "INSERT INTO table (column1_string, column2_int, ...) VALUES ('". mysql_real_escape_string($myarray[0]). "', ". (int)$myarray[1]. ", ...)
I prefer #2 because it is more readable and less brittle. Currently if your schema or array changes, your code breaks.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.