Decoding the query string array

"davidv" <ei*********@yahoo.com> wrote in message
news:WB********************@speakeasy.net...

I am building a very simple form that takes text and inserts data in a
MySQL db.

I would like my "logic" to simply insert the value in to the field in
the database that matches the name from the query string.

Here's the question- can I do this if I do not know how many name/value
pairs are passed to the "logic" ? Can I just step through the $_POST
array and use a do while $i <= count($_POST) or something?

I have tried this but for some reason I cannot get a number back from
the $_POST array. I am also confused about how the $_POST array is
constructed. How do I reference name/value pair $_POST[0,1,2 etc...] get
their "names" and "values" in to variables so I can accomplish the
INSERT SQL(e.g. $name = $_POST[0,0]; $value = $_POST[0,1]; [INSERT
$value INTO $name];- The MySQL fields will match $name)?

Thanks in advance.

David

First off - you ought to becareful writing $_POST data to the database
without first ensuring that its clean. Do you have magic_quotes on (its on
by default I think). Secondly, I have all my db values sent through
trim() - This removes excess space either side of your values, including any
null characters (I don't fully understand the latter other than believing
that some hacks can be performed with buffer overruns which (I believe, I
could be wrong) is performed by passing commands beyond null characters
(again, dunno how its done but believe I'm preventing such a hack from
happening by using trim().

Secondly... You need to know how an associated array works...

If you have a text field in HTML like so:

<input type=text name=firstname>

and it is submitted in a form, your $_POST will have a variable
$_POST['firstname']

If you're ever unsure about what has been passed, have your form posted to a
script that calls phpinfo(); and examine the output.

Secondly...

I'm new to MySQL but I have written a script that takes my HTML field/box
names and passes them to an insert in the correct order.... you have to be
careful with this.

I suggest that you first get to know arrays, single and multipe dimensional
and be sound on manipulating them before you think about writing them to the
database... You've not been entirely clear with your request, but I think I
know what you are trying to do... this is possible... but unless you read up
a little more, you could end up writing a script that you rely on, but
unable to support...

I think this may be what you're looking for (note this is off the top
of my head and may require some work on your part :)

$query = "INSERT INTO mytable (";
$q3 = ") VALUES (";
$q5 = ")";

while(list($key,$value)=explode($_POST)){

//Break $_POST into key,value pairs and iterate through the array

$key=trim(chop($key)); //Clean off White Space
$value=trim(chop($value));
$q2 .="$key,"; //concatenate key to q2
$q4 .="'$value',"; //concatenate value to q4
}
substr_replace($q2,"",strlen($q2)); //Get rid of that extra comma at
the end of q2
$q3= substr_replace($q3,"",strlen($q3));//Get rid of that extra comma
at the end of q3

$query .=$q2.$q3.$q4.$q5; //Add it all together
$result = mysql_query($query)
or die("Error: ".mysql_errno()." ".mysql_error()." while trying
$query"); //Give me my result or die, damn you die! Muhahaha!!!

Note the comments were added for effect :)

Hope that helps (Hope it's correct to :)


davidv <ei*********@yahoo.com> wrote in message news:<WB********************@speakeasy.net>...

I am building a very simple form that takes text and inserts data in a
MySQL db.

I would like my "logic" to simply insert the value in to the field in
the database that matches the name from the query string.

Here's the question- can I do this if I do not know how many name/value
pairs are passed to the "logic" ? Can I just step through the $_POST
array and use a do while $i <= count($_POST) or something?

I have tried this but for some reason I cannot get a number back from
the $_POST array. I am also confused about how the $_POST array is
constructed. How do I reference name/value pair $_POST[0,1,2 etc...] get
their "names" and "values" in to variables so I can accomplish the
INSERT SQL(e.g. $name = $_POST[0,0]; $value = $_POST[0,1]; [INSERT
$value INTO $name];- The MySQL fields will match $name)?

Thanks in advance.

David