On Wed, 11 Aug 2004 19:03:32 -0500, Alex Hogan
<[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I have this expression;
> $query = "INSERT INTO $table (%s) VALUES (%s)";
> $query = sprintf($query, implode(",", $fld), implode(",",
> $val));
> $result = mssql_query($query) or die($errmsg);
> I am trying to insert values from an array into the database.
> I keep getting the error that I can't pass column names in this context.
> I know it's because I'm not enclosing $val in quotes.
> I've tried a number of variations;
> implode("\"","\"", $val)
> implode("\',\'", $val)
> implode(",", "\"".$val."\"") - This blows up nicely ;-)
>
> Where am I going wrong on this?
>
1) By using implode to do this
2) By not escaping quotes in the data
If you look in the PEAR::DB code, here's how they quote field names:
function quoteIdentifier($str)
{
return '[' . str_replace(']', ']]', $str) . ']';
}
and here's how they quote values:
function quoteSmart($in)
{
if (is_int($in) || is_double($in)) {
return $in;
} elseif (is_bool($in)) {
return $in ? 1 : 0;
} elseif (is_null($in)) {
return 'NULL';
} else {
return "'" . str_replace("'", "''", $in) . "'";
}
}
--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder
paperCrane --Justin Patrin--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
