Home/ Questions/Q 8198701
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T06:00:22+00:00

I’m new to PHP and MySQL query construction. I asked a similar question yesterday

  • 0

I’m new to PHP and MySQL query construction. I asked a similar question yesterday about columns, and now need help with VALUES. I have a processor for a large form. A few fields are required, most fields are user optional. In my case, the HTML ids and the MySQL column names are identical. I’ve found tutorials about using arrays to convert $_POST into the fields and values for INSERT INTO, but I can’t get them working – after many hours. I’ve stepped back to make a very simple INSERT using arrays and variables, but I’m still stumped. The following lines work and INSERT the values of 5 variables into a database with over 100 columns. The first 4 items are strings, the 5th item, monthlyRental is an integer.

$colsx = array('country', 'stateProvince', 'city3', 'city3Geocode', 'monthlyRental');
$col_string = implode(',', $colsx);
$query = "INSERT INTO `$table` ($col_string) VALUES ( '$country', '$stateProvince', '$city3', '$city3Geocode', '$monthlyRental')";

Following this idea, I use pre-processed variables to construct an array and then implode it to create a string.

//these variables are "pre-processed", e.g., $country=$_POST['country'] and validated, but not yet mysql_real_escape_string
$valsx = array( '$country',  '$stateProvince', '$city3', '$city3Geocode', '$monthlyRental' );
$val_string = implode(",", $valsx);
$query = "INSERT INTO `$table` ($col_string) VALUES ( $val_string )";

It does not work. I’ve tried changing a lot of things, but with no results. The MySQL error that I get with this code is – Unknown column ‘$country’ in ‘field list’ It is referring to ‘$country’ in the $valsx array, but I don’t see how this is a field list, or how to fix the problem.

Please be specific with suggestions. I’m pretty new at MySQL and PHP.

OK, with Iserni’s suggestions, here’s the current code. It does not execute. I need help with his code, and I need help with where and how to put error messages.

$colsx = $fields = $valsx = $values = array();
$colsx = array('country', 'stateProvince', 'city3', 'city3Geocode', 'monthlyRental');
$col_string = implode(',', $colsx);
$valsx = array( "$country",  "$stateProvince", "$city3", "$city3Geocode", "$monthlyRental" );
$val_string = implode(",", $valsx);
foreach($colsx as $col) {
    $fields[] = $col;
    if ( is_numeric($_POST[$col]) ) {
        $values[] = mysql_real_escape_string($_POST[$col]);
    }else{
        $values[] = "'".mysql_real_escape_string($_POST[$col])."'";
    }
}
$fields_sql = implode(',', $fields);
$values_sql = implode(',', $values);
$query = "INSERT INTO `$table` ($fields_sql) VALUES ($values_sql);"
if (!mysql_query($query,$conn))
{
    die('<li class=error>an error occurred posting to the database. </li>'. mysql_error());
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’d do like this:

    $colsx = array('country', 'stateProvince', 'city3', 'city3Geocode', 'monthlyRental');
// List of optional fields
$colsy = array('otherfield', 'other2', ...);

// Building the query
$fields = array();
$values = array();

// Mandatory fields
foreach($colsx as $col)
{
    if (!isset($_POST[$col]))
        die("MISSING field $col";
    $fields[] = $col;
    if (is_numeric($_POST[$col]))
        $values[] = mysql_real_escape_string($_POST[$col]);
    else
        $values[] = "'".mysql_real_escape_string($_POST[$col])."'";
}

// Optional fields
foreach($colsy as $col)
{
    //if (!isset($_POST[$col]))
    //    die("MISSING field $col";
    $fields[] = $col;
    if (is_numeric($_POST[$col]))
        $values[] = mysql_real_escape_string($_POST[$col]);
    else
        $values[] = "'".mysql_real_escape_string($_POST[$col])."'";
}

$fields_sql = implode(',', $fields);
$values_sql = implode(',', $values);

$query = "INSERT INTO `$table` ($fields_sql) VALUES ($values_sql);"

    If you already have the validated fields, you can do it this way (but then it would be better, as I saw someone suggest, to use PDO instead of mysql_ functions; consider doing this later on).

    $data = array(
    // FIELD            VALUE ("$country" and $country are the same thing)
    'country'        => $country,
    'stateProvince'  => $stateProvince,
    'city3'          => $city3,
    ...
);

// If you need to add a field conditionally, you do it like this:
// if (isset($_POST['newfield']))
//     $data['newfield'] = $_POST['newfield'];
// or also, maybe:
//
// if (isset($_POST['newfield']) && !empty($_POST['newfield']))
//     $data['newfield'] = $_POST['newfield'];

// Process the values in $data to get SQL fields (PDO does this by itself)

$values = array();
foreach($data as $field => $value)
{
    if (is_numeric($value))
        $values[] = $value;
    else
        $values[] = "'".mysql_real_escape_string($value)."'";
}
// Now we have all we need. The "fields" are $data's keys.
$fields_sql = implode(',', array_keys($data));
$values_sql = implode(',', $values);

$query = "INSERT INTO `$table` ($fields_sql) VALUES ($values_sql);";

    Same thing using PDO:

    $data = array(
    // FIELD            VALUE ("$country" and $country are the same thing)
    'country'        => $country,
    'stateProvince'  => $stateProvince,
    'city3'          => $city3,
    ...
);

// Process $data to get SQL fields (we could use array_fill)
$values = array();
foreach($data as $field => $value)
    $values[] = '?'; // Placeholder, without quotes

$fields_pdo = implode(',', array_keys($data));
$values_pdo = implode(',', $data);

// This is now INSERT INTO mytable (city,rent,...) VALUES (?,?,?,...);
$query = "INSERT INTO $table ($fields_sql) VALUES ($values_sql);";

$q = $conn->prepare($query);
$q->execute(array_values($data));
    • 0