PHP: Improving this insert function

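I don't like typing insert queries: you always miss something and end up with a syntax error. So I wanted to create my own function that does it for me. What I have so far is: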

$data['test'] = array('username' => 'john',
              'password' => 'hello',
              'userlevel' => '__d');   // '__d' is a marker that becomes NOW()

$table = 'users';

$numItems = count($data['test']);
$i = 0;

// The column list comes from the array keys
$sql = "INSERT INTO " . $table . "(". implode(", ", array_keys($data['test'])) .")";

$sql .= " VALUES (";

foreach ($data['test'] as $value) {
    // The last item closes the parenthesis; every other item is followed by a comma
    if ($i+1 == $numItems and $value == '__d') {
        $sql .= "" . 'NOW()' . ")";
    } else if ($i+1 == $numItems) {
        $sql .= "'" . $value . "')";
    } else if ($value == '__d') {
        $sql .= "" . 'NOW()' . ", ";
    } else {
        $sql .= "'" . $value . "', ";
    }

    $i++;
}

echo $sql;

Well, yeah. Any suggestions on how to improve this code?

sprintf can make the code more readable

$columns = array('username'=>'john', 'password'=>'hello', 'userlevel'=>1, 'date'=>$date);
$table = 'users';

//function here
// Join the values with "','" so that each value gets its own pair of quotes
$sql = "INSERT INTO " . $table . "(". implode(",", array_keys($columns)) .") VALUES ('". implode("','", $columns) ."')";

mysql_query($sql);

$columns = array('username'=>'john', 'password'=>'hello', 'userlevel'=>1, 'date'=>$date);
$table = 'users';

$sql = sprintf(
    "insert into %s(%s) values(%s)",
    $table,
    implode( ',', array_keys( $columns ) ),
    implode( ',', array_map( function($v){ return ':'.$v; }, array_keys( $columns ) ) )
);

$stmnt = $pdo->prepare( $sql );
foreach( $columns as $column => $value ) {
    $stmnt->bindValue( ':'.$column, $value );
}
$stmnt->execute();

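You need to escape your values to prevent SQL injection:

I don't do that in the database class function. I do that outside :)

True. But it seems a bit long; are two of each really needed? I think I could improve this code, but I'm not sure how.

Since this is a piece of working code, it is a good candidate.

This does not prevent syntax errors - you can still mess up the field or table names and end up with a bad query.

What if I want to insert a function in the SQL statement, like __d goes to NOW()? As it is an SQL statement function, I can't use it everywhere.

Ah, I think I have an idea for an improvement now.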
<?php
//test data
$columns = array(
    'username'=>'john',
    'password'=>'hello',
    'userlevel'=>1,
    'date'=>'__d'
);
$table = 'users';

// replace keys and values with SQL delimiters
foreach($columns as $k=>$v) {
    unset($columns[$k]);

    // strict comparison: with ==, the integer 0 equals '__d' before PHP 8
    if ($v !== '__d' && !is_int($v))
        $v = "'$v'";

    if ($v === '__d')
        $v = 'NOW()';

    $columns["`$k`"] = $v;
}

// create the query
$sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
            $table,
            implode(",", array_keys($columns)),
            implode(",", $columns)
       );

echo $sql;
?>
INSERT INTO users (`username`,`password`,`userlevel`,`date`) VALUES ('john','hello',1,NOW())
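
The comments above raise two gaps that remain even when values are bound: table and column names are still interpolated into the query, and an SQL function such as NOW() cannot be passed as a bound value. The sketch below is an added example, not code from any of the answers: `insertRow()`, `$schema` and `$nowColumns` are hypothetical names, timestamp columns are listed separately instead of using the in-band `__d` marker, and it runs against an in-memory SQLite database with `CURRENT_TIMESTAMP` standing in for `NOW()`.

```php
<?php
// Added example; insertRow(), $schema and $nowColumns are hypothetical names.
function insertRow(PDO $pdo, array $schema, string $table, array $values, array $nowColumns = []): string
{
    // Identifiers cannot be bound, so they must match a fixed allowlist.
    if (!isset($schema[$table])) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    $columns = array_merge(array_keys($values), $nowColumns);
    $unknown = array_diff($columns, $schema[$table]);
    if ($unknown || count($columns) !== count(array_unique($columns))) {
        throw new InvalidArgumentException('bad column list: ' . implode(', ', $columns));
    }

    // Data columns get a named placeholder; timestamp columns get a constant
    // SQL expression chosen by the calling code, never by a data value.
    $exprs = array_merge(
        array_map(function ($c) { return ':' . $c; }, array_keys($values)),
        array_fill(0, count($nowColumns), 'CURRENT_TIMESTAMP')
    );
    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
        $table, implode(', ', $columns), implode(', ', $exprs));

    $stmt = $pdo->prepare($sql);
    foreach ($values as $column => $value) {
        $stmt->bindValue(':' . $column, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $sql;
}

// Demo on an in-memory SQLite database (assumes the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, userlevel INTEGER, date TEXT)');
$schema = ['users' => ['username', 'password', 'userlevel', 'date']];

// Constructed input: a quote and the literal text "__d" are stored as plain data.
echo insertRow($pdo, $schema, 'users',
    ['username' => "o'brien", 'password' => '__d', 'userlevel' => 1], ['date']), "\n";
print_r($pdo->query('SELECT username, password, userlevel FROM users')->fetchAll(PDO::FETCH_ASSOC));

// A misspelled column is rejected before any SQL is built.
try {
    insertRow($pdo, $schema, 'users', ['usernme' => 'john']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```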