发表新帖
发表新帖

PHP PDO Insert Method

前端 未结
关注
2 1198
暗喜
暗喜 2021-02-03 15:40

I\'m working on a PHP class method to insert form values into mysql database with PDO. The idea is outlined below but I cannot figure out how to pass in the fourth parameter of

相关标签:
2条回答
  • 我寻月下人不归
    2021-02-03 16:25

    I would use an array. Perhaps something like this:

    public function MySqlDbInsert($DbTableName, $values = array())
{
    try{
        $dbh = new PDO('.....');

        // Specify the tables where you can insert
        $allowedTables = array('table_1', 'table_2', 'table_3');

        // Specify allowed column names
        $allowedColumns = array('age', 'city', 'address');

        if (!in_array($DbTableName, $allowedTables))
            throw new Exception('Invalid Table Given!');

        $columns = array_keys($values);
        foreach ($columns as $c)
        {
            if (!in_array($c, $allowedColumns))
                throw new Exception('The column ' . $c. ' is not allowed');
        }

        $sql = 'INSERT INTO ' . $DbTableName;
        $sql .= '(' . implode(',', $columns) . ') ';
        $sql .= 'VALUES (' . implode(',', array_fill(0, count($values), '?')) . ')';

        $sth = $dbh->prepare($sql);
        $sth->execute(array_values($values));
    }
    catch(PDOException $e){
        $this->ResponseMessage(true, 'Database access FAILED!');
    }
    catch(Exception $e) { $this->ResponseMessage(true, $e->getMessage()); }
}

$contact->MySqlDbInsert('table_name', array('colname1' => 'value1', 'colname2' => 'value2', 'colname3' => 'value3'));

    All values will be escaped as "PDO::PARAM_STR", though.

    0 讨论(0)
  • 青春惊慌失措
    2021-02-03 16:39

    for dynamic insert in PDO i use below function.

    for use this passed values in array format to function :

    <?php
class Contact
{
    private $UploadedFiles = '';
    private $DbHost = DB_HOST;
    private $DbName = DB_NAME;
    private $DbUser = DB_USER;
    private $DbPass = DB_PASS;
    private $table;

    function __construct()
    {
        $this->table = strtolower(get_class());
    }

    public function insert($values = array())
    {
        $dbh = new PDO("mysql:host=$this->DbHost;dbname=$this->DbName", $this->DbUser, $this->DbPass, array(PDO::ATTR_PERSISTENT => true));
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $dbh->exec("SET CHARACTER SET utf8");

        foreach ($values as $field => $v)
            $ins[] = ':' . $field;

        $ins = implode(',', $ins);
        $fields = implode(',', array_keys($values));
        $sql = "INSERT INTO $this->table ($fields) VALUES ($ins)";

        $sth = $dbh->prepare($sql);
        foreach ($values as $f => $v)
        {
            $sth->bindValue(':' . $f, $v);
        }
        $sth->execute();
        //return $this->lastId = $dbh->lastInsertId();
    }

}

    and use it :

    $contact = new Contact();
$values = array('col1'=>'value1','col2'=>'value2');
$contact->insert($values);
    0 讨论(0)
 看不清?
提交回复
热议问题