将数组值插入MySQL

I tried to find another question with the answer to this but I've had no luck. My question is basically...will this work?

$insert_tweets = "INSERT INTO tweets (
  'id',
  'created_at',
  'from_user_id',
  'profile_image',
  'from_user',
  'from_user_name',
  'text' 
  ) VALUES (
  {$user_data[$i]["id"]},
  {$user_data[$i]["created_at"]},
  {$user_data[$i]["from_user_id"]},
  {$user_data[$i]["profile_image"]},
  {$user_data[$i]["from_user"]},
  {$user_data[$i]["from_user_name"]},
  {$user_data[$i]["text"]}
)"

        for($i=0;$i<count($user_data);$i++){
            mysqli_query($mysqli,$insert_tweets);
        }

$user_data is a multi-dimensional array, the first level of which is numeric, the subsequent level is associative.

Also, what would be the best way to "database prepare"/sanitize the associative array variables prior to insertion? I don't anticipate any malicious data but it is always possible.

        for($i=0;$i<count($user_data);$i++){
            $insert_tweets = "INSERT INTO tweets ('id','created_at','from_user_id','profile_image','from_user','from_user_name','text') VALUES ({$user_data[$i]["id"]},{$user_data[$i]["created_at"]},{$user_data[$i]["from_user_id"]},{$user_data[$i]["profile_image"]},{$user_data[$i]["from_user"]},{$user_data[$i]["from_user_name"]},{$user_data[$i]["text"]})";
            mysqli_query($mysqli,$insert_tweets);
        }

This should work

Yes, it will work, but the best way to do this would be to use PDO.

You can create nameless parameters in your prepare statement and then just pass in a array to bind values to those params.

$data = array('val1', 'val2');
$query = $db->prepare("INSERT INTO table (col1, col2) VALUES (? , ?)");
$query->execute($data);

PDO will escape the input values for you.

Here's a tutorial on PDO to get you started http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

Here is my suggestion on sanitizing your array:

What i do is create a basic function for sanitizing data:

function array_sanitize(&$item){
    $item = mysql_real_escape_string($item);
}

Then you can use the array_walk() to sanitize your array with your new function. (php manual refrence)

and sanitize by passing in your array like this:

array_walk($user_data, 'array_sanitize');