Use $_POST variable as SQL parameters
Posted on 2016-09-09
I am trying to work out a way of combining post variables with a parameterised query.
At the moment I gather the post variables, store them in their various keys, then feed the values into a parameterised SQL with an array containing the same variables in the same order as the fields within the query.
All fairly standard I think.
The problem is that I am forever having to write code to read and write out the variables, add new variables when the SQL changes and make sure the number of parameters in the array matches the the required parameters in the SQL.
Is there a way that I can use a $_POST variable (holding all the posts) as the SQL parameter array, with the array keys defining which parameter the SQL requires, so all I would need to include in my code is something like...
$sql= "Insert into table (field1, field2, field3, field4) values (?, ?, ?, ?)";
$result=sqlsrv_query($conn, $sql, $params);
Any comments would be appreciated.