所以我知道这是不推荐使用的,也是不安全的,但这是我在切换到SQLi之前尝试解决的最后一件事。我不认为SQL中的这一点会使它过于复杂。无论如何,我正在尝试循环,为输入_POST"userids"字段的每个userid生成一行。它是一个相对简单的多接收者消息系统的一部分
if (empty($_POST['userids'])) {
echo "no user ids input";
}
$seq = 1;
$uids = explode(',', $_POST['userids']);
$uids[] = $sess_username;
$uids = array_unique($uids);
print_r(array_values($uids));
$rows = array();
foreach ($uids as $uid) {
$rows[] = array('uid'=>(int)$uid);
}
print_r(array_values($rows));
if (!$uids) {
die('No user ids selected: ' . mysql_error());
if (empty($messageid)) {
$messageid = mysql_insert_id();
}
$insertSql = "INSERT INTO message_recips (messageid, sequence, userid, status) VALUES";
foreach ($rows as $row) {
$insertSql .= "(" . $params[] = $messageid . "," . $params[] = $seq . "," . $params[] = $row['uid'] . ",'" . $params[] = $row['uid'] == $sess_user_id ? 'A' : 'N' . "'),";
}
$insertSql = substr($insertSql, 0, -1);
var_dump($insertSql);
var_dump($params);
$result1 = mysql_query($insertSql);
echo "$insertSql";
var_dump($insertSql);
var_dump($params);
if (!stmt) {
"sql error after stmt";
}
die(header('Location: view.php?id=' . $mid));
} else {
echo "no recips found";
die('no recips found');
}
我的数组中填充了:
array (size=8)
0 => int 35
1 => int 1
2 => int 273
3 => string 'N' (length=1)
5 => int 1
6 => int 0
7 => string 'N' (length=1)
我的sql结果是:
string 'INSERT INTO message_recips VALUES('35', '1', 'Array', 'Array')' (length=62)
这个数组对我来说很好,但它只在SQL表中生成一行,并将前四个值插入该行。
衷心感谢您的帮助-
看看这是否能让您更接近自己的需求。我已经评论了更改的位置。
error_reporting(E_ALL);
if(empty($_POST['userids'])) {
echo "no user ids input";
}
else {
$seq = 1;
$uids = explode(',', $_POST['userids']);
$uids[] = $sess_username;
$uids = array_unique($uids);
foreach($uids as $uid) {
$rows[] = array('uid'=> (int)$uid);
}
// You have a syntax error here
if (!$uids)
die('No user ids selected: ' . mysql_error());
if(empty($messageid))
$messageid = mysql_insert_id();
// Set a multi-dimensional array
$i = 0;
foreach($rows as $row) {
$params[$i][] = "'$messageid'";
$params[$i][] = "'$seq'";
$params[$i][] = "'".$row['uid']."'";
$params[$i][] = ($row['uid'] == $sess_user_id)? "'A'" : "'N'";
$i++;
}
// Set front of sql statement, I am just placeholding column names, you need to change them
$insertSql = "INSERT INTO message_recips (`message_id`,`seq`,`uid`,`session`) VALUES";
// Implode the values generated above
foreach($params as $arrays) {
$values[] = "(".implode(",",$arrays).")";
}
// Implode the multiple rows
$sqls = implode(",",$values);
// Combine front with end
$sql = $insertSql.$sqls;
$result = mysql_query($sql);
}