请参阅此处的图片。我有一个表格,它收集了以下信息:年份(int)、案件编号(varchar。由于年份是一个数字,我在MySQL中设置了int,然后Case number和Time Received都有数字和字母,因此我在MySQL中设置了varchar。我使用数组是因为我插入了很多记录。我使用mysql_real_eescape_string()作为数组。但这并没有奏效。如何将包含字母、符号和数字的数组传递到MySQL中?非常感谢。
//Output any connection error
if ($mysqli->connect_error) {
die('Error : ('. $mysqli->connect_errno .') '. $mysqli->connect_error);
}
if (isset($_REQUEST['submit']) && isset($_REQUEST['year']) ) {
foreach ($_REQUEST['year'] as $k=> $value ){ // loop through array
$year = $_REQUEST['year'];
$c_no = mysql_real_escape_string($_REQUEST['cs']);
$t_r = mysql_real_escape_string($_REQUEST['t_r']);
$mysqli->query("INSERT INTO firearms_id_secs (year, case_no, t_received) VALUES
($year[$k], $c_no[$k], $t_r[$k])");
}
}
?>
这是HTML
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add more fields using jQuery</title>
<script src="jquery.js"></script>
<script type="text/javascript">
$(document).ready(function(){
var maxField = 10; //Input fields increment limitation
var addButton = $('.add_button'); //Add button selector
var wrapper = $('.field_wrapper'); //Input field wrapper
var fieldHTML = '<div><input type="text" name="year[]" value="" placeholder="Year"/><input type="text" name="cs[]" value="" placeholder="Case no"/><input type="text" name="t_r[]" value="" placeholder="Time Received"/><a href="javascript:void(0);" class="remove_button" title="Remove field"><img src="remove-icon.png"/></a></div>'; //New input field html
var x = 1; //Initial field counter is 1
$(addButton).click(function(){ //Once add button is clicked
if(x < maxField){ //Check maximum number of input fields
x++; //Increment field counter
$(wrapper).append(fieldHTML); // Add field html
}
});
$(wrapper).on('click', '.remove_button', function(e){ //Once remove button is clicked
e.preventDefault();
$(this).parent('div').remove(); //Remove field html
x--; //Decrement field counter
});
});
</script>
<style type="text/css">
input[type="text"]{height:20px; vertical-align:top;}
.field_wrapper div{ margin-bottom:10px;}
.add_button{ margin-top:10px; margin-left:10px;vertical-align: text-bottom;}
.remove_button{ margin-top:10px; margin-left:10px;vertical-align: text- bottom;}
</style>
</head>
<body>
<form name="codexworld_frm" action="" method="post">
<div class="field_wrapper">
<div>
<a href="javascript:void(0);" class="add_button" title="Add field"><img src="add-icon.png"/></a>
</div>
</div>
<input type="submit" name="submit" value="SUBMIT"/>
</form>
</body>
</html>
提交表单时,_POST(或_REQUEST)将显示为以下
array (
'year' =>
array (
0 => '2001',
1 => '2010',
),
'cs' =>
array (
0 => '1',
1 => '2',
),
't_r' =>
array (
0 => '12:00:00',
1 => '13:00:00',
),
'submit' => 'SUBMIT',
)
如果它看起来像会更好
array(
'records' = array(
0=>array('year'=>'2001', 'cs'=>'1', 't_r'=>'12:00:00'),
0=>array('year'=>'2010', 'cs'=>'2', 't_r'=>'13:00:00'),
),
)
这需要更改javascript代码(我现在太懒了……所以我使用SPL MultipleIterator来"模拟"该数据格式)
if ( isset($_POST['submit']) ) {
// add tests for is_array() POST[year], POST[cs] and POST[t_r]
// this will make mysqli throw an exception whenever an operation results in an
// (mysql) error code other than 0 -> no further error handling included in this script....
mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);
$mysqli = new mysqli('localhost', 'localonly', 'localonly', 'test');
// create a prepared statement and bind the parameters, see http://docs.php.net/mysqli.quickstart.prepared-statements
$stmt = $mysqli->prepare('INSERT INTO firearms_id_secs (year, case_no, t_received) VALUES (?,?,?)');
if ( !$stmt->bind_param('sss', $year, $caseno, $time) ) { // binding all parameters as strings ...let mysql's type system handle it...
yourErrorHandlerHere(); // or throw an exception....
}
// when ever the statement is executed, the current values (at _that_ moment) in $year, $caseno and $time will be used where the ? are in the statement
// this wouldn't be necessary if the POST body looked like record[1][year]=2001&....
$mit = new MultipleIterator;
$mit->attachIterator( new ArrayIterator($_POST['year']) );
$mit->attachIterator( new ArrayIterator($_POST['cs']) );
$mit->attachIterator( new ArrayIterator($_POST['t_r']) );
foreach( $mit as $record ) {
echo 'executing statement with [', join(',', $record), "]<br/>'r'n";
// assign the values to the bound parameters
list($year,$caseno,$time) = $record;
// and then execute the statement (with those values)
/*
you might want to wrap this in a try-catch block, so a single faulty record will not throw off your entire script.
You might also want to look into transactions (in case a single faulty record is supposed to roll back the entire operation)
see http://docs.php.net/language.exceptions , http://dev.mysql.com/doc/refman/5.7/en/commit.html
*/
$stmt->execute();
}
}
编辑:a) 要允许NULL值,您应该在参数中将空字符串替换为NULL
...
// replace empty strings by NULL
$record = array_map(
function($e) {
return 0<strlen(trim($e)) ? $e : NULL;
},
$record
);
// assign the values to the bound parameters
list($year,$caseno,$time) = $record;
...
b) 我不知道在这种情况下为什么以及在哪里需要迭代器的密钥,但是。。。。
<?php
$data=array(
'maj'=>new ArrayIterator(array('A','B','C')),
'min'=>new ArrayIterator(array('a','b','c')),
'foo'=>new ArrayIterator(array('do'=>'re', 'mi'=>'fa', 'so'=>'la', 'ti')),
);
$mit = new MultipleIterator(MultipleIterator::MIT_NEED_ANY|MultipleIterator::MIT_KEYS_ASSOC);
$mit->attachIterator( $data['maj'], 'majuscule' );
$mit->attachIterator( $data['min'], 'minuscule' );
$mit->attachIterator( $data['foo'], 'lalala' );
foreach( $mit as $r ) {
var_export($r);
}
打印
array (
'majuscule' => 'A',
'minuscule' => 'a',
'lalala' => 're',
)array (
'majuscule' => 'B',
'minuscule' => 'b',
'lalala' => 'fa',
)array (
'majuscule' => 'C',
'minuscule' => 'c',
'lalala' => 'la',
)array (
'majuscule' => NULL,
'minuscule' => NULL,
'lalala' => 'ti',
)
确保它是字符串
$c_no = mysql_real_escape_string("$_REQUEST['cs']");
$t_r = mysql_real_escape_string("$_REQUEST['t_r']");
或
$c_no = mysql_real_escape_string( strval($_REQUEST['cs']) );
$t_r = mysql_real_escape_string( strval($_REQUEST['t_r']) );
尝试将''设置为varchar值
$mysqli->query("INSERT INTO firearms_id_secs (year, case_no, t_received)
VALUES ($year[$k], '$c_no[$k]', '$t_r[$k]')");
我将帮助您完成请求的解码部分,其余部分之前已经由@rmondsilva(通过在VARCHARs上加引号)回答。
$year_param = $_REQUEST['year'];
$case_param = $_REQUEST['cs'];
$time_param = $_REQUEST['t_r'];
if (isset($_REQUEST['submit']) && isset($_REQUEST['year']) ) {
foreach ($_REQUEST['year'] as $k=> $value ){ // loop through array
$year = $year_param[$k];
$c_no = mysql_real_escape_string($case_param [$k]);
$t_r = mysql_real_escape_string($time_param [$k]);
$mysqli->query("INSERT INTO firearms_id_secs (year, case_no, t_received) VALUES
($year, '$c_no', '$t_r')");
}
考虑通过