Is there a good way to write it?

<?php
$x1=$_POST["x1"];
$x2=$_POST["x2"];
$x3=$_POST["x3"];
$x4=$_POST["x4"];
$x5=$_POST["x5"];

function insertData(){
    $query_insert = "insert into english (`f1`,`f2`,`f3`,`f4`,`f5`) 
                     values("$x1","$x2","$x3","$x4","$x5")"; 
    $con->query($query_insert);
    do some  other ting;
}
?>

this is too cumbersome, ha

<?php
function insertData(){
    global $_POST;
    extract($_POST);
    $query_insert = "insert into english (`f1`,`f2`,`f3`,`f4`,`f5`) 
                     values("$x1","$x2","$x3","$x4","$x5")"; 
    $con->query($query_insert);
    do some  other ting;
}
?>

extract ($_ POST); is not safe, eliminated.

<?php
function insertData(){
    $query_insert = "insert into english (`f1`,`f2`,`f3`,`f4`,`f5`) 
                     values("$_POST["x1"]","$_POST["x2"]","$_POST["x3"]","$_POST["x4"]","$_POST["x5"]")"; 
    $con->query($query_insert);
    do some  other ting;
}
?>

this is also very ugly,. Excuse me, is there the best way?
be concise and beautiful

Php
Dec.24,2021

be concise and beautiful, but you don't have to find a handy DB component?
self-masturbation SQL is already ugly


first change to PDO preprocessing to insert data


you have to make sure that there are only a few parameters in $_ POST, otherwise you can only take them out one by one, without any concise method. If inserted, use pdo, and then parameter binding to automatically help you deal with the security issues of sql.


you should write single-purpose and stateless functions.
format checking of user-submitted data should not be placed in an insert function.
insert functions should only be responsible for data insertion and achieve a single purpose.
these stateful quantities should not appear in $_ GET/$_POST functions and should be stateless as far as possible.

function conf_add($name, $value) {
    $db = new PDO();
    $name = $db->quote($name);
    $value = $db->quote($value);
    $sql = "INSERT INTO `conf` (`name`, `value`) VALUES ({$name}, {$value})";
    $rowCount = $db->query($sql)->rowCount();
    return ($rowCount === 0) ? false : $db->lastInsertId();
}

function conf_edit($name, $value) {
    $db = new PDO();
    $name = $db->quote($name);
    $value = $db->quote($value);
    $sql = "UPDATE `conf` SET `value` = {$value} WHERE `name` = {$name}";
    $rowCount = $db->query($sql)->rowCount();
    return ($rowCount === 0) ? false : true;
}

function conf_del($name) {
    $db = new PDO();
    $name = $db->quote($name);
    $sql = "DELETE FROM `conf` WHERE `name` = {$name}";
    $rowCount = $db->query($sql)->rowCount();
    return ($rowCount === 0) ? false : true;
}

function conf_get($name) {
    $db = new PDO();
    $name = $db->quote($name);
    $sql = "SELECT `value` FROM `conf` WHERE `name` = {$name}";
    $rows = $db->query($sql)->fetchAll();
    return (!isset($rows[0])) ? false : $rows[0]['value'];
}

function conf_set($name, $value) {
    if (conf_edit($name, $value)) {
        return true;
    } else {
        if (!conf_add($name, $value)) {
            return false;
        } else {
            return true;
        }
    }
}

<input name = "form['x']">
<input name = "form['y']">
...

so take a $_ POST ['form'] to get all of it. But in fact, we also need to do back-end verification, and we also need to do verification encapsulation (refer to some mainstream frameworks), otherwise we still have to decide separately.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e54ba8-43886.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e54ba8-43886.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?