更新
我已经根据phantom的建议更新了我的代码。它仍然没有完全工作,尽管:question_id
在数据库中总是0,即使它不在数组中:
var_dump($_POST['question_id'])
array(2) { [0]=> string(2) "22" [1]=> string(2) "23" }
查询:
string(122) "INSERT INTO student_score(course_uid, student_uid, question_uid, answer) VALUES
(1, 4, 0, 'answer1'),
(1, 4, 0, 'answer4')
这是新代码:
$sql_data = array();
$sql_prefix = "INSERT INTO student_score(course_uid, student_uid, question_uid, answer) VALUES";
foreach($_POST['answer'] as $id => $answer){
// don't use $_REQUEST!
$course_id = (int) $_POST['course_id'][$i];
$student_id = (int) $_POST['student_id'][$i];
$question_id = (int) $_POST['question_id'][$i];
$answer = mysql_real_escape_string($answer);
$sql_data[] = "($course_id, $student_id, $question_id, '$answer')";
}
$sql = $sql_prefix.implode(", 'n", $sql_data);
var_dump($sql);
if(!mysql_db_query($dbName, $sql, $connect)){
$_SESSION['msg'] = "Could not save information, Please try again";
header("Location:student_assignment.php");
//replaced die with else clause
}
else{
$_SESSION['msg'] = "Question successfully created";
header("Location:student_assignment.php");
}
初始问题:
我在将数组的值添加到mysql数据库中时遇到了一个问题。问题是我有两个循环,如果在其中一个循环中添加INSERT,那么另一个循环会给出错误的值。但如果我在每个循环中回显,它会给出正确的值。
目前,它添加了每个值的两行,其中我只想要每个值的一行。
这是我的代码:
<?php
require_once("settings.inc.php");
// require_once("student_session.inc.php");
session_start();
for ($d = 0; $d <= count($_POST[answer]); $d++) {
$answer = $_POST[answer][$d];//I want to insert this value
//echo $answer;
$ids = $_REQUEST['question_id'];
foreach ($ids as $value) {
//echo $value; //and this value into the INSERT
$sql = "INSERT INTO student_score(answer) VALUES ('$answer')";
$results = mysql_db_query($dbName, $sql, $connect);
}
}
if (!$results) {
$_SESSION['msg'] = "Could not save information, Please try again";
header("Location:student_assignment.php");
die;
}
$_SESSION['msg'] = "Question successfully created";
header("Location:student_assignment.php");
die;
?>
您使用了错误的变量:
"INSERT INTO student_score(answer) VALUES ('$answer')";
您注释要插入的变量称为$value
,因此您打算写:
"INSERT INTO student_score(answer) VALUES ".
"('".mysql_real_escape_string($value)."')";
(mysql_real_escape_string
用于防止SQL注入攻击(
使用MySQL事务:PHP+MySQL事务示例
您还可以发布以下内容的输出吗?:print_r($_POST(;和print_r($_POST[答案](;
使用$_REQUEST是个坏主意。显式使用POST或GET!
您的代码没有多大意义。
这可能更像你希望它做的事情:
// you will not want <=, that will create an index error upon the last
// iteration, also, you need to quote the key!
// This is fixed:
//for ($d = 0; $d < count($_POST['answer']); $d++) {
// this is a better way
// this assumes, that the indices of the POST array nicely correspond with each
// other.
$sql_data = array();
$sql_prefix = "INSERT INTO student_score(question_id, student_id, course_id, answer) VALUES";
foreach($_POST['answer'] as $id => $anwer){
// don't use $_REQUEST!
$question_id = (int) $_POST['question_id'][$i];
$student_id = (int) $_POST['student_id'][$i];
$course_id = (int) $_POST['course_id'][$i];
$answer = your_escape_function($answer)
$sql_data[] = "($question_id, $student_id, $course_id, '$answer')";
}
$sql = $sql_prefix.implode(", 'n", $sql_data);
if(!mysql_db_query($dbName, $sql, $connect)){
$_SESSION['msg'] = "Could not save information, Please try again";
header("Location:student_assignment.php");
//replaced die with else clause
}
else{
$_SESSION['msg'] = "Question successfully created";
header("Location:student_assignment.php");
}
注意
此代码主要基于猜测和假设,您希望它做什么。您需要有一个函数,根据是否启用了magic_quotes
来正确地转义代码。简单地按照另一个答案中的建议调用mysql_real_escape_string()
是不正确的。
请注意,mysql_*函数已经过时。考虑使用PDO或myqsli使用参数化查询。
PS:不要使用$_REQUEST
。