PHP Tutorial: MySQL Database Insert function

[m0nsta.]

This is my first YouTube tutorial video, so cut my some slack lolol

There's not much really that I can say apart from what is in the description of the video:

This video shows you exactly how to create your own function to quickly insert data into an MySQL database without having to keep typing out mysql_query( "INSERT..." etc every time.

My cursor can not be seen in the video and I am not sure why.

I hope it helped.

Video:
www.youtube.com/watch?v=WJ9zKNC91T0

If you're too lazy to type down the code, here it is:

PHP Code:

<?php
/*
This function will enable you to quickly insert values into an MySQL database.

DATABASE STRUCTURE:
-------------------------------------------------------------
- FIELD  -  TYPE          -  AUTO INCREMENT  -     EXTRA    -
-  id    -  int(11)       -       YES        -  PRIMARY KEY -
- user   -  varchar(25)   -       NO         -              -
- pass   -  varchar(32)   -       NO         -              -
- email  -  varchar(150)  -       NO         -              -
-------------------------------------------------------------

Coded by Mark Eriksson
*/

@mysql_connect( "localhost", "root", "markeriksson" ) or die( "Can not connect to MySQL Database." );
@mysql_select_db( "test_insert" ) or die( "Can not find MySQL database." );

function insert( $table, $data )
{
    $fields = array_keys( $data );
    $values = array_map( "mysql_real_escape_string", array_values( $data ) );
    @mysql_query( "INSERT INTO `" . $table . "` (`" . implode( "`,`", $fields ) . "`) VALUES ('" . implode( "','", $values ) . "');" ) or die( "Can not execute MySQL query." );
}

insert( "user", array( "user"  => "Mark Eriksson",
                       "pass"  => md5( "markeriksson" ),
                       "email" => "me@mark-eriksson.com"
                     ) );
echo "<font color=\"green\">User inserted into database successfully!</font>";
?>

[Ron]

I don't really see a use for this tbh.

I generally do,

PHP Code:

<?php
// db() has all mysqli functions.
$db = new db();
$db->conn();
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$username = cleanfordb($username);
// other sanitization functions here
$db->q("INSERT INTO users (username, password, email) VALUES ('$username', md5('$password'), '$email');");
$db->close();
echo "Registration successful.";
?>

The point of using classes / functions is to make your code cleaner and give yourself the ability to code faster. I can type out the sql statement faster than I can use your insert function, so it seems kind of pointless to me. Other people may not agree, but thats how I see it.

If its not faster to write, it doesn't do its job as a function.

[s-p-n]

I made a similar function for an application, except it was a multidimensional array that contained data on table name, column name, row ID, and a type for each piece of data.

I never typed out the actual 'data', the application took input/output in this form. It was much easier to create the functionality for multiple databases and also different views on the application. Basically every table had a counterpart "view" mode for the application- it could a number of different views. Every piece of data in the table was used by the view controller- which only asked for data- not "mysql" or any other specific database.

I would use MySQLi extension for this, and why are you still using <font> tags???? For real, that's so 10 years ago

PHP Code:

<?php
// db() has all mysqli functions.
$db = new db();
$db->conn();
$username = $_POST['username'];
$password = $_POST['password'];
$email = $_POST['email'];
$username = cleanfordb($username);
// other sanitization functions here
$db->q("INSERT INTO users (username, password, email) VALUES ('$username', md5('$password'), '$email');");
$db->close();
echo "Registration successful.";
?>

I hate to say it, but you're not using a good example of OOP or MySQLi.

If you must make a flaming point, try this:

PHP Code:

$db = new mysqli('host', 'user', 'pass', 'db_name');

if($stmt = $db->prepare('INSERT INTO users (username, password, email) VALUES(?,?,?)') )
{
    $stmt->bind_param('sss', $_POST['username'], md5($_POST['password']), $_POST['email']);
    $stmt->execute();
    $stmt->close();
}

$db->close(); 


By flaming I mean, you said his 6 minutes of code lacks a point. It must serve some purpose to him

[m0nsta.]

I wrote it because I can not be bothered to type the whole mysql_query( "INSERT INTO"... line all the time so I wrote a code that basically does it for me.