On Wed, 11 Aug 2004 19:03:32 -0500, Alex Hogan <[EMAIL PROTECTED]> wrote: > Hi All, > > I have this expression; > $query = "INSERT INTO $table (%s) VALUES (%s)"; > $query = sprintf($query, implode(",", $fld), implode(",", > $val)); > $result = mssql_query($query) or die($errmsg); > I am trying to insert values from an array into the database. > I keep getting the error that I can't pass column names in this context. > I know it's because I'm not enclosing $val in quotes. > I've tried a number of variations; > implode("\"","\"", $val) > implode("\',\'", $val) > implode(",", "\"".$val."\"") - This blows up nicely ;-) > > Where am I going wrong on this? >
1) By using implode to do this 2) By not escaping quotes in the data If you look in the PEAR::DB code, here's how they quote field names: function quoteIdentifier($str) { return '[' . str_replace(']', ']]', $str) . ']'; } and here's how they quote values: function quoteSmart($in) { if (is_int($in) || is_double($in)) { return $in; } elseif (is_bool($in)) { return $in ? 1 : 0; } elseif (is_null($in)) { return 'NULL'; } else { return "'" . str_replace("'", "''", $in) . "'"; } } -- DB_DataObject_FormBuilder - The database at your fingertips http://pear.php.net/package/DB_DataObject_FormBuilder paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php