Shake's suggestion worked exactly how I needed it to work. I had to substring some things off as he said, but all in all, was just what was needed.

Thanks!!!!


On Wednesday, May 16, 2012 10:23:12 AM UTC-4, Shake wrote:
> El 16/05/2012 16:12, apavluck@gmail.com escribi�:
> > I am trying to setup some generic code that will allow me to update a mysql database via form and php. I can capture the data in the row of the database that I want to update. I can present that in a form populated withthe existing values. What I can't figure out how to do is to avoid typingout the SET statements in the update query.
> > [...]
> > The reason I want to do this is because I manage many projects all withtheir own variables and databases and the update is the only part that I have to type in manually.
>
> Withouth entering in details, security and best practices...
>
> $sqlString = ' UPDATE blablalba SET ';
> foreach($_POST as $key => $value)
> {
> $sqlString .= " `$key` = '$value', ";
> }
>
> // You have to deal here a little with the last comma
>
> It's possible not all data in $_POST are fields of the database. You
> could manage prefixing the indexes or other ways...
>
> foreach($_POST as $key => $value)
> {
> if(!preg_match('/^my_prefix.+/',$key)) continue;
> $sqlString .= " `$key` = '$value', ";
> }
>
> That's some basic ideas, but be carefull, because there are important
> things to take in care when using this metodologies. Using POST data to
> build SQL strings "automagically" implies taking care of sqlInjection
> and thiese kind of things.
>
> Greetings