Thread: Test (fwd)
To reword.

I am an open source programmer just learning the ropes. I am about halfway through the PHP documentation at zend.com, and can't seem to post to the php.lists.net. So I am asking someone here...

I need to take the entries from several web forms, and put their contents into a PostgreSQL database. The PHP function pg_exec is the only way I've seen to actually use INSERT.

Here is my idea: -using arrays

    $query = "insert into <table_name> ($names_of_form_fields) values ($values_of_form_fields)";

so there you have it.
I have been to php.net
I read documentation religiously
I'm simply asking for help
anyone?

---------- Forwarded message ----------
Date: Wed, 13 Jun 2001 15:11:08 -0400 (EDT)
From: Chadwick Rolfs <c2304182@webdevel.urban.csuohio.edu>
To: pgsql-php@postgresql.org
Subject: Test

I can't seem to post to this list that I keep receiving e-mail from. I want to parse a web form through PHP and put it into a PostgreSQL database. Who can help? Or point me toward the right direction... thanks.

Write your own function.

    function compileinsertquery($table, $formfieldarray, $formfieldvalues) {
        // Start the statement and list the column names.
        $insertquery = "INSERT INTO $table (";
        foreach ($formfieldarray as $id => $val) {
            $insertquery .= $val.",";
        }
        $insertquery = substr($insertquery,0,-1); # remove last ,
        $insertquery .= ") VALUES (";
        // Append each value wrapped in single quotes, exactly as
        // submitted (no escaping is applied here).
        foreach ($formfieldvalues as $id => $val) {
            $insertquery .= "'".$val."',";
        }
        $insertquery = substr($insertquery,0,-1); # remove last ,
        $insertquery .= ")";
        echo "your insert query is ".$insertquery;
    }

Obviously check it's working OK (this is a 10-second job) before using it. All done.

And yes, the pg_exec function is the only way to actually manipulate the database in any way. If you've read the docs, you'd know this.

----------------------
Chris Smith
http://www.squiz.net/

Your insert idea won't work. SQL knows nothing (in regards to PHP) of arrays. You actually have to break out the variables.

    $query = "insert into <table_name> (field1, field2, field3) values ($text1, $text2, $text3)";

Plus, you have to make sure to check for apostrophes. That will break your SQL statement if someone typed them into the text field.

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com

aalang@rutgersinsurance.com writes:
> Plus, you have to make sure to check for apostrophes. That will break your
> SQL statement if someone typed them into the text field.

Well, this caveat had never occurred to me. So how does someone enter strings with enclosed apostrophes, as in the Irish surname O'Mallory or the Yemeni placename Sana'a?

Gary

Gary B. Hoffman, Computing Services Manager
Graduate School of International Relations and Pacific Studies (IR/PS)
University of California, San Diego (UCSD)
9500 Gilman Dr. MC 0519, La Jolla, CA 92093-0519 USA
e-mail: ghoffman@ucsd.edu  voice: (858) 534-1989  fax: (858) 534-3939
web: http://www-irps.ucsd.edu/

It could fluctuate on each database, so always check the appropriate documentation, but...

the standard way usually is to double the apostrophe

O'Brien would be O''Brien (the middle is two apostrophes, not a quote)

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com

The apostrophe being a special character in PostgreSQL (and most other databases), it needs to be escaped if you wish it to go nicely into a query.. addslashes() and related functions will help there.

Another thing to keep in mind is htmlspecialchars() -- it's very useful when someone might put a double quote in your form field -- which could seriously mess up when you have something like

    <INPUT TYPE="TEXT" NAME="Whatever" VALUE="this is what I'm "talking" about">

, sort of thing.

I missed the first post so please excuse me if I'm way off base..

Good luck!

-Mitch

On Thu, Jun 14, 2001 at 06:57:43PM -0400, Mitch Vincent wrote:
> The apostrophe being a special character in PostgreSQL (and most other
> databases), it needs to be escaped if you wish it to go nicely into a
> query..
> addslashes() and related functions will help there.
>
> Another thing to keep in mind is htmlspecialchars() -- it's very useful
> when someone might put a double quote in your form field -- which could
> seriously mess up when you have something like <INPUT TYPE="TEXT"
> NAME="Whatever" VALUE="this is what I'm "talking" about"> , sort of thing.

Also note that the PHP runtime parameter magic_quotes_gpc is usually on by default, which does the escaping by default.

- Frank
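
The points raised in this thread (name the columns explicitly, keep apostrophes such as O'Mallory from breaking the statement, and encode values echoed back into a VALUE attribute), shown as an added example that is not part of any message above. It swaps addslashes() and magic_quotes_gpc for pg_query_params() placeholders; the `contacts` table, its column names, the helper names and the sample form data are hypothetical.

```php
<?php
// Added example; table and column names are hypothetical.

// Build a parameterized INSERT: column names come from a server-side
// allowlist, values travel separately as $1, $2, ... parameters.
function build_insert(string $table, array $allowedColumns, array $form): array
{
    $columns = $placeholders = $params = [];
    foreach ($allowedColumns as $column) {
        if (!array_key_exists($column, $form)) {
            continue;                          // field not submitted
        }
        if (!is_string($form[$column])) {
            throw new InvalidArgumentException("Field $column must be a string");
        }
        $params[]       = $form[$column];
        $columns[]      = '"' . $column . '"';  // identifier from the allowlist only
        $placeholders[] = '$' . count($params);
    }
    if ($columns === []) {
        throw new InvalidArgumentException('No known fields submitted');
    }
    $sql = sprintf('INSERT INTO "%s" (%s) VALUES (%s)', $table,
        implode(', ', $columns), implode(', ', $placeholders));
    return [$sql, $params];
}

// Re-display a submitted value inside a double-quoted HTML attribute.
function text_input(string $name, string $value): string
{
    return sprintf('<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample input standing in for $_POST.
$form = [
    'surname'  => "O'Mallory",
    'city'     => "Sana'a",
    'is_admin' => 't',                         // not allowlisted: ignored
];
[$sql, $params] = build_insert('contacts', ['surname', 'city', 'notes'], $form);
echo $sql, "\n";
print_r($params);
echo text_input('note', 'this is what I\'m "talking" about'), "\n";

// With a live connection ($conn from pg_connect()):
// $result = pg_query_params($conn, $sql, $params);
```

Because the values never become part of the SQL text, the apostrophes need no doubling or backslashes, and a form field that is not in the allowlist cannot add a column to the statement.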