On Thu, 12 Aug 2004 12:34:30 +1000, Tom Rogers <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Thursday, August 12, 2004, 10:03:32 AM, you wrote:
> AH> Hi All,
>
> AH> I have this expression;
> AH> $query = "INSERT INTO $table (%s) VALUES (%s)";
> AH> $query = sprintf($query, implode(",", $fld), implode(",",
> AH> $val));
> AH> $result = mssql_query($query) or die($errmsg);
> AH> I am trying to insert values from an array into the database.
> AH> I keep getting the error that I can't pass column names in this context.
> AH> I know it's because I'm not enclosing $val in quotes.
> AH> I've tried a number of variations;
> AH> implode("\"","\"", $val)
> AH> implode("\',\'", $val)
> AH> implode(",", "\"".$val."\"") - This blows up nicely ;-)
>
> AH> Where am I going wrong on this?
>
> AH> alex hogan
>
> You can do it this way but you must make sure that any strings in your
> values array have been escaped before with mysql_escape_string() and
> probably trimmed as well.
The question was about mssql, not mysql. using str_replace("'", "''",
$str) should work.
>
> $fields = array('id','name','age');
> $values = array(1,'Dave',40);
> $table = 'test';
>
> $sql = sprintf("INSERT INTO %s (%s) VALUES
> ('%s')",$table,implode(',',$fields),implode("','",$values));
> echo $sql;
>
> (It's perfectly ok to quote numbers)
>
--
DB_DataObject_FormBuilder - The database at your fingertips
http://pear.php.net/package/DB_DataObject_FormBuilder
paperCrane --Justin Patrin--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
