<?php


// Function: Insert From Vals
// Take an associative array and build an insert statement
//
// $table -> the table you want to fill
// $prefix -> the prefix of the fields ( ie, auto_color -> 'auto_' )
// $vals -> the array to insert, default _POST
//
// Please note that this will work with normal database naming and not with 
// special names with spaces and accents and odd stuff
//
//
function insertFromVals( $table , $prefix , $vals = null )
{
	$fields = array();
	$vallues = array();

	if( is_null( $vals ) )
	{
		$vals = $_POST;
	}
	
	foreach( $vals as $k => $v )
	{
		if( preg_match( "/^".$prefix."/" , $k ) )
		{
			$fields[] = mysql_escape_string( $k );
			$values[] = mysql_escape_string( $v );
		}
	}
	$fields = join( "," , $fields );
	$values = "'" . join(  "', '" , $values ) ."'";

	$q = "INSERT INTO ".$table." (".$fields.") VALUES (".$values.")";
	
	return $q;
}



/// testing code here:
/// probably not what you want to copy
/// illustrative purposes only


$test['user_name'] = "Doe";
$test['user_fname'] = "John";
$test['user_birthday'] = "1977-12-16 00:00:00";
$test['user_favorite_color'] = "orange";
$test['user_attempted_injection'] = "a string with a \"'\" can be dangerous in a db statement";


$q = insertFromVals( "users" , "user_" , $test );

echo $q;


?>

<?php


// Function: Insert From Vals
// Take an associative array and build an insert statement
//
// $table -> the table you want to fill
// $prefix -> the prefix of the fields ( ie, auto_color -> 'auto_' )
// $vals -> the array to insert, default _POST
//
// Please note that this will work with normal database naming and not with 
// special names with spaces and accents and odd stuff
//
//
function insertFromVals( $table , $prefix , $vals = null )
{
	$fields = array();
	$vallues = array();

	if( is_null( $vals ) )
	{
		$vals = $_POST;
	}
	
	foreach( $vals as $k => $v )
	{
		if( ereg( "^".$prefix , $k ) )
		{
			$fields[] = mysql_escape_string( $k );
			$values[] = mysql_escape_string( $v );
		}
	}
	$fields = join( "," , $fields );
	$values = "'" . join(  "', '" , $values ) ."'";

	$q = "INSERT INTO ".$table." (".$fields.") VALUES (".$values.")";
	
	return $q;
}



/// testing code here:
/// probably not what you want to copy
/// illustrative purposes only


$test['user_name'] = "Doe";
$test['user_fname'] = "John";
$test['user_birthday'] = "1977-12-16 00:00:00";
$test['user_favorite_color'] = "orange";
$test['user_attempted_injection'] = "a string with a \"'\" can be dangerous in a db statement";


$q = insertFromVals( "users" , "user_" , $test );

echo $q;


?>

<?php


// Function: Insert From Vals
// Take an associative array and build an insert statement
//
// $table -> the table you want to fill
// $prefix -> the prefix of the fields ( ie, auto_color -> 'auto_' )
// $vals -> the array to insert, default _POST
//
// Please note that this will work with normal database naming and not with 
// special names with spaces and accents and odd stuff
//
//
function insertFromVals( $table , $prefix , $vals = null )
{
	$fields = array();
	$vallues = array();

	if( is_null( $vals ) )
	{
		$vals = $_POST;
	}
	
	foreach( $vals as $k => $v )
	{
		if( ereg( "^".$prefix , $k ) )
		{
			$fields[] = mysql_escape_string( $k );
			$values[] = mysql_escape_string( $v );
		}
	}
	$fields = join( "," , $fields );
	$values = "'" . join(  "', '" , $values ) ."'";

	$q = "INSERT INTO ".$table." (".$fields.") VALUES (".$values.")";
	
	return $q;
}




$test['user_name'] = "Doe";
$test['user_fname'] = "John";
$test['user_birthday'] = "1977-12-16 00:00:00";
$test['user_favorite_color'] = "orange";
$test['user_attempted_injection'] = "a string with a \"'\" can be dangerous in a db statement";


$q = insertFromVals( "users" , "user_" , $test );

echo $q;


?>

// function InsertFromPost
// Take the post data and put it into a database
//
// $table -> the table you want to fill
// $prefix -> the prefix of the fields ( ie, auto_color -> 'auto_' )
//

function insertFromPost( $table , $prefix )
{
	foreach( $_POST as $k => $v )
	{
		if( ereg( "^".$prefix , $k ) )
		{
			$fields .= mysql_escape_string( $k ) . ", ";
			$values .= "'" . mysql_escape_string( $v ) . "', ";
		}
	}
	$fields = ereg_replace( ", $" , "" , $fields );
	$values = ereg_replace( ", $" , "" , $values );

	$q = "INSERT INTO ".$table." (".$fields.") VALUES (".$values.")";
	$qr = dbquery( $q );
	

	return $qr;
}

// function InsertFromPost
// Take the post data and put it into a database
//
// $table -> the table you want to fill
// $prefix -> the prefix of the fields ( ie, auto_color -> 'auto_' )
//

function insertFromPost( $table , $prefix )
{
	foreach( $_POST as $k => $v )
	{
		if( ereg( "^".$prefix , $k ) )
		{
			$fields .= mysql_escape_string( $k ) . ", ";
			$values .= "'" . mysql_escape_string( $v ) . "', ";
		}
	}
	$fields = ereg_replace( ", $" , "" , $fields );
	$values = ereg_replace( ", $" , "" , $values );

	$q = "INSERT INTO ".$table." (".$fields.") VALUES (".$values.")";
	$qr = dbquery( $q );
	
	return true;
}

// function InsertFromPost
// Take the post data and put it into a database
//
// $table -> the table you want to fill
// $prefix -> the prefix of the fields ( ie, auto_color -> 'auto_' )
//

function insertFromPost( $table , $prefix )
{
	foreach( $_POST as $k => $v )
	{
		if( ereg( "^".$prefix , $k ) )
		{
			$fields .= $k . ", ";
			$values .= "'" . mysql_escape_string( $v ) . "', ";
		}
	}
	$fields = ereg_replace( ", $" , "" , $fields );
	$values = ereg_replace( ", $" , "" , $values );

	$q = "INSERT INTO ".$table." (".$fields.") VALUES (".$values.")";
	$qr = dbquery( $q );
	
	return true;
}

http://www.itsgotto.be/cv.php

This is a long over due update to my db insert building function. Please not that the function is the important part the code below is just prove that it works... l:-)

PHP InsertFromVals

form, database

PHP