Article Discussion: Dynamically Insert and Update values in a MySQL database using OOP

Stop writing insert and update SQL statements and cut the time you spend writing simple SQL in half while focusing on the more complicated things. Leave it up to OOP to help you out. We will make a class that goes out and looks for the values for us and builds a SQL statement on the fly. All we have to do is make sure the column names in the database correspond with the field names in the HTML form. Believe me when I say it saves TONS of time. I never write applications that don't use it.


Read the full article here: Dynamically Insert and Update values in a MySQL database using OOP

Support File: MyDatabaseClass.zip

Sammy - excellent article, nice job! Hope to read some more of your articles in the near future.

Thanks man. That was my first one. [blushes]

Interesting idea, but your treatment is somewhat amateurish.

A better way to handle SQL layer abstraction is to encapsulate your SQL handler in a separate class from your database abstraction layer.

For a slightly classier approach, check out the SQL abstraction layer in worlddo.com's source code. You can download the source code for free at:

URL

Excellent start to encapsulate SQL processing in a app ... this article gave some more ideas to do this ...
Thanks for the sharing, keep the good work

I haven't had time to check out the article in depth, so this may be a stupid question, but couldn't anyone use a remote form and insert/upadte/delete whatever they wanted from the DB? I'm concerned about security risks.

Yes, it's not impossible which is why validation is crucial. Something off the top of my head you can do is unset all $_POST variables that have the same name as any crucial flags/other things you don't want changed in your database. Sometimes, however this is not possible or practical. The class as written as is here on DevShed will take any post variable received from the user and blindly dump it into the database. This is fine in most, simple and common cases, but I don't recommend anyone use it for production purposes unless you do some MAJOR data validation.

I've tried this procedure for updating a database, but I find that when a field with a leading zero is added or updated the leading "0" is lost.

It might be the trim function in database.class.php.

Thanks -- Tony

This is because on line 69 (in the AddToDB method,) it checks to see if the value is numeric. If it is, then it inserts the value without single quotes around it. You can remove this condition statement and have it insert everything with single quotes around it. Don't forget to change it on line 128 in the UpdateDB method was well.

Hi everybody, (English is not my native lenguage)

I am new with all this internet stuff. I am a computer engineer, and I am main programer on C, Tcl, OpenGL, and Oracle.

I am self learning HTML, CSS, PHP, MySQL, Javascript, XML, XSLT and I have a question:

These scripts are nice "Dynamically Insert and Update values in a MySQL database using OOP" but it will be better to make a new markup lenguage with XML, where you can write your own forms as a code (Block of data and relations between its) without placing any visual control, and then with XSLT and Javascript (I think) dynamically build all the controls necesaries for showing the data, besides building dynamically the necesary SQLs to load, update, insert, delete or relate data from these controls.

Is there some thing like it for HTML???

I am Oracle developer (I use Oracle for my developments, do not work at Oracle Company) and now I am seen Oracle Developer Siute 9i and when you build a form with Forms Builder, you can save it like XML, and the lenguage is easy to understand if you know Forms Builder philosophy, but I yet do not know how to display it in a browser (Build the DTD is not so difficult, but displaying it is what seams diffcult).

Some ideas ???

Thanks to everybody.

The idea is a good one.

I really enjoyed the article. But I have a question.

How would you go about handling encrypted data (like passwords or credit card numbers) with this routine.

Jeff

Just encrypt it before it gets to the AddToDB method.