universal INSERT query using object-oriented programming (OOP) in PHP
example of how you might create a universal INSERT query using object-oriented programming (OOP) in PHP51
Arun Kr.
12-Jun-24
12-Jun-24
To prevent SQL injection attacks in the advanced version of the code, we can use prepared statements, which are already implemented in the example I provided earlier. Prepared statements automatically escape input values, making it nearly impossible for attackers to inject malicious SQL code.
// Method to insert data into a table
public function insertData($table, $data) {
$keys = implode(', ', array_keys($data));
$placeholders = implode(', ', array_fill(0, count($data), '?'));
$stmt = $this->conn->prepare("INSERT INTO $table ($keys) VALUES ($placeholders)");
// Bind parameters dynamically
$types = str_repeat('s', count($data));
$stmt->bind_param($types, ...array_values($data));
if ($stmt->execute()) {
echo "New record created successfully";
} else {
echo "Error: " . $stmt->error;
}
$stmt->close();
}- The
insertData()method dynamically constructs the INSERT query based on the table name and data provided. - This approach makes the code more modular and reusable, adhering to OOP principles.
How To Use This Function :-
// Data to be inserted
$data = array(
'name' => 'John Doe',
'email' => 'john@example.com',
'message' => 'Hello, world!'
);
// Insert data into a table
$db->insertData('your_table_name', $data);
Complete Code Structure
<?php
class Database {
private $servername;
private $username;
private $password;
private $database;
private $conn;
// Constructor to initialize database connection
public function __construct($servername, $username, $password, $database) {
$this->servername = $servername;
$this->username = $username;
$this->password = $password;
$this->database = $database;
// Create connection
$this->conn = new mysqli($this->servername, $this->username, $this->password, $this->database);
// Check connection
if ($this->conn->connect_error) {
die("Connection failed: " . $this->conn->connect_error);
}
}
// Method to insert data into a table
public function insertData($table, $data) {
$keys = implode(', ', array_keys($data));
$placeholders = implode(', ', array_fill(0, count($data), '?'));
$stmt = $this->conn->prepare("INSERT INTO $table ($keys) VALUES ($placeholders)");
// Bind parameters dynamically
$types = str_repeat('s', count($data));
$stmt->bind_param($types, ...array_values($data));
if ($stmt->execute()) {
echo "New record created successfully";
} else {
echo "Error: " . $stmt->error;
}
$stmt->close();
}
// Destructor to close the database connection
public function __destruct() {
$this->conn->close();
}
}
// Usage
$servername = "localhost";
$username = "username";
$password = "password";
$database = "your_database_name";
// Create a new Database object
$db = new Database($servername, $username, $password, $database);
// Data to be inserted
$data = array(
'name' => 'John Doe',
'email' => 'john@example.com',
'message' => 'Hello, world!'
);
// Insert data into a table
$db->insertData('your_table_name', $data);
?>
Buy Me a Coffee