I can see from your description of the structure that it's an SQL database of some sort. But is it MySQL? MS SQL? Oracle? Please answer this question.
how are you getting the data, and what format is it in?
This makes a big difference as well:
Validation: has the information already been processed (i.e., do you know that it is in the proper format to be stored in the DB)?
Sanitization: has the information been properly sanitized, so it won't create errors or security vulnerabilities when you try to store it (especially important if it came from a user)?
Format: how is the incoming data stored? Is it in an array? an object? a selection of loose variables? POST'd to your script?
Have you already created the SQL code that you need?
You still haven't answered how you're receiving the data and what condition it is in when it gets to your function. All of the things I am asking are important and relevant to your question. Please post the SQL statement you're using as well.
I prefer the mysqli extension - it is object-oriented, but also has a procedural api that is very similar to the mysql_*() functions if that's what you prefer.
<?php
function insertArticle( $DB,$title,$content ){
// check the database handle
if( !($DB instanceof mysqli) ){
// $DB is not a database connection!
// abort
return false;
}
// this will hold your SQL statement:
static $query;
// "static" means it will be "remembered" between calls,
// so it only needs to be set up once.
if( !($query instanceof mysqli_stmt) ){
// not set up yet.
// here's your statement:
$SQL = "INSERT INTO `article`
( `title`,`content` )
VALUES( ?,? )";
// assign the prepared statement to $query
$query = $DB->prepare( $SQL );
// bind $title and $content to the ? markers in the query
$query->bind_param( 'ss',$title,$content );
// ready to go.
}
// execute the query,
// using current values in $title and $content.
$query->execute();
// check if query was successful or not
if( $query->affected_rows === 1 ){
// perfect!
return true;
}
// no good.
return false;
}
This assumes your id column is an AUTO_INCREMENT key. You'll get an SQL error if not; let me know if that is the case.
Here's how you might use your function:
<?php
// set up mysqli DB connection
$DB = new mysqli( 'DBhost','username','password','DatabaseName' );
// check connection
if( mysqli_connect_error() ){
print "couldn't connect to the database.";
}
// later, get the info you want to insert
$title = $_POST['title'];
$content = $_POST['content'];
// you'll probably want to make sure the info is valid.
// but you don't need to worry about sanitization:
// the prepared statement will take care of that.
// now, call the function:
$result = insertArticle( $DB,$title,$content );
// and check if it was successful or not:
print $result?
"data inserted successfully!":
"data insertion failed.";
No - the function as set up allows you to insert to the table 'article'. You could broaden the function by accepting tablename as an additional argument. But you would have to change how the sql query is set up as well as ensure the fieldnames are coded correctly.
I agree with Traq's original comment -
A single function to handle all tables is not a good approach.
Note that simply adding an argument for the table name wouldn't work anyway - not without making the code a lot more complex/ less secure, that is.
You can't parameterize table names in a prepared statement.
If you switch to individual queries, you'll have to handle sanitization yourself (less reliable), and it will still only work if the two tables had the same columns (and if that's the case, why are they different tables?).
What you need to consider is that storing information is not a "generic" task - using a database is less like throwing papers in a file folder and more like filling out a form. You can't just send the info to the DB randomly and expect it to be stored properly.
If you do manage to write a single function to handle "any" table, it's going to be large, convoluted, inefficient, and buggy.
sorry if my english language not good, because i am an indonesian,...
can you help me?
can we make function in php for save data to database, but the function can use for all table in database,....
help me please,....
What kind of database? What kind of data?
A single function to handle all tables is not a good approach.
i make database for article and news,...
i heard in function, including array on it
...how are you getting the data, and what format is it in?
...is your database already made? how is it structured?
...how will the function be used (accepting input from visitors? simple data entry? an automated script? other)?
yes, my database already made,...
fields id(int) title(varchar) content(text)
but i want to make function posible to insert data for all table...
I can see from your description of the structure that it's an SQL database of some sort. But is it MySQL? MS SQL? Oracle? Please answer this question.
This makes a big difference as well:
Validation: has the information already been processed (i.e., do you know that it is in the proper format to be stored in the DB)?
Sanitization: has the information been properly sanitized, so it won't create errors or security vulnerabilities when you try to store it (especially important if it came from a user)?
Format: how is the incoming data stored? Is it in an array? an object? a selection of loose variables? POST'd to your script?
Have you already created the SQL code that you need?
thats MySql i use XAMPP , i use XAMPP 1.7.7
yes i have already created the SQL code,...
You still haven't answered how you're receiving the data and what condition it is in when it gets to your function. All of the things I am asking are important and relevant to your question. Please post the SQL statement you're using as well.
i don't know how to answer, i'm very sorry,...
to insert data: include('conection.php'); $title=$_POST['title']; $title=$_POST['content']; $save = insert into article values('','$title','$content'); mysql_query($save)or die(mysql_error());
so i will make function be like this save('table_name','$title#$content');
i think it will make my work easier... but can't make the function
okay, let's try this:
first, don't use the
mysql_*()functions. They are deprecated and not recommended for new code.I prefer the mysqli extension - it is object-oriented, but also has a procedural api that is very similar to the mysql_*() functions if that's what you prefer.
This assumes your
idcolumn is an AUTO_INCREMENT key. You'll get an SQL error if not; let me know if that is the case.Here's how you might use your function:
That's it.
but, is that possible insert insert data to another table in the same database?
No - the function as set up allows you to insert to the table 'article'. You could broaden the function by accepting tablename as an additional argument. But you would have to change how the sql query is set up as well as ensure the fieldnames are coded correctly.
I agree with Traq's original comment -
Note that simply adding an argument for the table name wouldn't work anyway - not without making the code a lot more complex/ less secure, that is.
You can't parameterize table names in a prepared statement.
If you switch to individual queries, you'll have to handle sanitization yourself (less reliable), and it will still only work if the two tables had the same columns (and if that's the case, why are they different tables?).
What you need to consider is that storing information is not a "generic" task - using a database is less like throwing papers in a file folder and more like filling out a form. You can't just send the info to the DB randomly and expect it to be stored properly.
If you do manage to write a single function to handle "any" table, it's going to be large, convoluted, inefficient, and buggy.
yes, i got it,....
thank you very much,... ^_^