Wednesday, August 25, 2010

nice sanitized mysql insert sample php

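// Builds and prints an INSERT statement for `employees` from an associative
// array of column => value. A NULL value becomes the SQL keyword NULL; every
// other value is escaped and wrapped in single quotes.
//
// Caveats:
// - mysql_real_escape_string() belongs to the old ext/mysql extension, which
//   was removed in PHP 7. It needs an open connection, and its result is only
//   safe when the connection character set matches the data. New code should
//   use prepared statements (PDO or mysqli) with bound parameters instead of
//   assembling the query string.
// - Escaping covers values placed inside quotes. Column names should come
//   from a fixed list in the code, never from request data.
$row = array();
$row["firstname"] = "Billy";
$row["lastname"] = "O'Leary";
$row["create_date"] = date("Y-m-d H:i:s");
$row["status"] = "1";

// Anonymous functions replace create_function(), which evaluated its body as
// a string and was removed in PHP 8.0.
$escaped = array_map(function ($a) {
    return is_null($a) ? NULL : mysql_real_escape_string($a);
}, $row);

// "\x27" is a single quote; NULL is emitted unquoted so it stays SQL NULL.
$quoted = array_map(function ($a) {
    return is_null($a) ? "NULL" : "\x27" . $a . "\x27";
}, $escaped);

// Double any backtick inside a column name so it cannot end the identifier
// quoting early.
$columns = array_map(function ($name) {
    return str_replace("`", "``", $name);
}, array_keys($escaped));

echo "INSERT INTO `employees`(`" . implode("`,`", $columns) . "`) VALUES(" . implode(",", array_values($quoted)) . ");" . "\n";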

It generates the following INSERT query, in which every value is escaped and single-quoted:
INSERT INTO `employees`(`firstname`,`lastname`,`create_date`,`status`) VALUES('Billy','O\'Leary','2010-08-25 15:32:37','1');