所以我的问题是,我想在一个团队中添加多个成员,但我似乎不知道如何或是否可以这样做。以下是我的代码,供您回答我的问题。
<?php
$tname = $_POST['tname'];
$maxnum = $_POST['maxnum'];
$host = "localhost";
$sqluname = "root";
$sqlpass = "";
$db = "teams";
$tablename = "team info";
$mem1 = $_POST['mem1'];
$mem2 = $_POST['mem2'];
$mem3 = $_POST['mem3'];
$mem4 = $_POST['mem4'];
$connect = mysqli_connect("$host","$sqluname","$sqlpass","$db") ;
if(mysqli_connect_errno())
{
echo "Problem". mysqli_connect_error();
}
$sql = "INSERT INTO teaminfo (TeamName,MaxNum,Members)
VALUES
('$tname','$maxnum','$mem1')";
/* Inside Members, I would like to add more than just $mem1, like $mem2, $mem3, $mem4.
*/
if(!mysqli_query($connect,$sql)){
die('Error: ' .mysqli_error($connect));
}
echo "Team is added";
mysqli_close($connect);
header("location: TeamDummyClient.html");
?>
$sql = "INSERT INTO teaminfo (TeamName,MaxNum,Members) VALUES";
$sql .= "('$tname','$maxnum','$mem1'),";
$sql .= "('$tname','$maxnum','$mem2'),";
$sql .= "('$tname','$maxnum','$mem3'),";
$sql .= "('$tname','$maxnum','$mem4')";
在插入字符串的值之前,应该先对其进行转义,以防止SQL注入。以下是其中一行的示例:
$sql .= "(
'" . mysqli_real_escape_string($tname) . "',
'" . mysqli_real_escape_string($maxnum) . "',
'" . mysqli_real_escape_string($mem1) . "'
),";