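<?php
// Example call shape: Insert('sdfsdf', ['a' => 1, 'sdsd' => 2, 'ererfsd' => 'sfsdfsdfv']);

// NOTE: $mysqli is not defined in this snippet; it has to be a connected
// mysqli instance created before this point.
$d = new db($mysqli);
// An empty column map cannot form a valid INSERT, so this call is rejected
// with InvalidArgumentException before any SQL is built.
$d->insert('sdsdsd', []);

/**
 * Small mysqli helper that builds a parameterized INSERT from an
 * associative array of column => value pairs.
 *
 * Values always travel as bound parameters. Identifiers (table and column
 * names) cannot be bound, so they are validated against a strict character
 * set and wrapped in backticks before being placed into the SQL text.
 */
class db
{
    /**
     * Connection used for every statement. Declared explicitly so that the
     * constructor does not create a dynamic property.
     *
     * @var mysqli
     */
    public $db;

    /**
     * @param mysqli $db Connected mysqli instance.
     */
    public function __construct($db)
    {
        $this->db = $db;
    }

    /**
     * Insert one row into $tblname.
     *
     * @param string $tblname Table name; only A-Z, a-z, 0-9 and _ are accepted.
     * @param array  $array   Map of column name => value; must not be empty.
     *
     * @return void
     *
     * @throws InvalidArgumentException On an invalid identifier or an empty column map.
     * @throws RuntimeException         When preparing, binding or executing the statement fails.
     */
    public function Insert($tblname, $array)
    {
        // Identifiers cannot be sent as bound parameters, so this check is the
        // only barrier between the caller's string and the SQL text. It is a
        // minimum: wherever names can be influenced by request data, compare
        // them against a fixed whitelist of known tables and columns instead.
        // \A...\z with + also rejects the empty string and a trailing newline.
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', (string) $tblname)) {
            // The message echoes the rejected name; escape it before showing it in HTML.
            throw new InvalidArgumentException("Invalid table name: $tblname");
        }

        // With no columns the placeholder list would be built with a negative
        // repeat count and bind_param() would receive an empty type string.
        $count = count($array);
        if ($count === 0) {
            throw new InvalidArgumentException('Cannot insert a row without any columns');
        }

        $quoted = [];
        foreach (array_keys($array) as $key) {
            if (!preg_match('/\A[A-Za-z0-9_]+\z/', (string) $key)) {
                throw new InvalidArgumentException("Invalid column name: $key");
            }
            // Identifiers MUST be wrapped in backticks.
            $quoted[] = "`$key`";
        }
        $columns = implode(',', $quoted);

        // A string like ?,?,?... with one placeholder per value.
        $placeholders = implode(',', array_fill(0, $count, '?'));

        // It is OK to bind every value as a string ("s").
        $types = str_repeat('s', $count);

        $query = "INSERT INTO `$tblname` ($columns) VALUES ($placeholders)";

        // When mysqli is not in exception mode these calls report failure by
        // returning false; turn that into an exception instead of a fatal
        // "call to a member function on bool" or a silently lost insert.
        $stmt = $this->db->prepare($query);
        if ($stmt === false) {
            throw new RuntimeException('Failed to prepare INSERT: ' . $this->db->error);
        }

        // bind_param() takes its arguments by reference, so bind from a variable.
        $values = array_values($array);
        if (!$stmt->bind_param($types, ...$values)) {
            throw new RuntimeException('Failed to bind INSERT parameters: ' . $stmt->error);
        }

        if (!$stmt->execute()) {
            throw new RuntimeException('Failed to execute INSERT: ' . $stmt->error);
        }
    }
}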