1

Hi i been trying to inserting array's into MySql database

The problem i am having is that i have different datatypes and sometime data can be a 0 value, having () curly brackets, percentage value with % sign. I would like to know a way use some already built php function that can deal with this issues.

So here is what i have done so far:

$t = array('country_code' => $data->country_code,   
           'Name' => $data->Name,
           'money' => $data->money,
           'chanceToDie' => $data->death,
           'age' => $cb->age)

/*  FORMAT EXAMPLE
    country_code = Africa (AF)
    name = jack
    chanceToDie = 5.5
    age = 62
*/

$columns = implode(", ",array_keys($t));

//Tried
$values = implode(", ",array_values($t));           //Dont work
$values = "'".implode("', '",array_values($t))."'";     //Dont work

$sql = "INSERT INTO table ($columns) VALUES ($values)";
Improve this question
4
  • Can you edit your question to include expected result for your sample? Commented Oct 27, 2017 at 8:59
  • Learn to use prepared statements and bind variables, this helps with preserving datatypes etc. Commented Oct 27, 2017 at 8:59
  • you have to use array_values() Commented Oct 27, 2017 at 9:04
  • oh my bad i meant array_values()... ok i am going to edit Commented Oct 27, 2017 at 9:05

2 Answers 2

Reset to default
2

You need to quote each individual value and use array_values() instead of array_keys():

$values = '"' . implode('", "', array_values($t)) . '"';

However, this leaves you with an sql injection problem so you should really use a prepared statement.

In PDO you could use something like (assuming you control the keys and they are safe to use):

$values = ':' . implode(', :', array_keys($t));
// generates: ... VALUES(:country_code, :Name, :money,  // etc

Now you can prepare and execute your query using the array to bind the values to the placeholders. See for example http://php.net/manual/en/pdo.prepared-statements.php (the 6th example).

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I had errors else where in the database and my code was work btw, but i will accept your answer anyway for the effort, Thanks you.
1

Try to use the advantage of PDO prepared queries - it is more safe and convinient.

Your code may look like this:

$col_names = array_keys($t);
// filter column names before inserting to sql to prevent sql injection
array_filter($col_names, function($v){return preg_relace("@\W@", "_", $v);});
// generate placeholders list: ?,?,?,?
$placeholders = implode(',', array_fill(0, count(t), "?"));
$values = array_values($t);

$q = $pdo->prepare('insert into (' . implode(",", $col_names) . ') values (' . $placeholders . ')');
$q->execute($values);

PDO will deal with data types and correctly replace every placeholder with the corresponding value.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.