I have a form that uses $_POST to reach the insert.php page. When I do a print_r, the $_POST information looks like this
Array (
[extension] => Array (
[0] => 100
[1] => 101
[2] => 102
)
[secret] => Array (
[0] => a467ca4044f298eff15a26e59f39fe21
[1] => 0c4275de171ef363b77aa6aae27afff1
[2] => c1951bfb07ed6a833d6d785ff4e19123
)
[phone] => Array (
[0] => 80828703658A
[1] => 80828703D858
[2] => 80828703F866
)
[template] => Array (
[0] => Another 600 Template
[1] => Another 600 Template
[2] => Another 600 Template
)
)
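The insert.php page only inserts the data from extension and secret, not the phone or template data. The phone and template data come into the array in raw form through drop-down boxes. This is the code I am using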
// Escape user inputs for security
$ext = mysqli_real_escape_string($link, $_POST['extension']);
$secret = mysqli_real_escape_string($link, $_POST['secret']);
$macaddress = mysqli_real_escape_string($link, $_POST['phone']);
$templatename = mysqli_real_escape_string($link, $_POST['template']);
// attempt insert query execution
$sql = "INSERT INTO assignments
(id, extension, secret, macaddress, template)
VALUES (null,'$ext', '$secret', '$macaddress', '$templatename')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
Where am I going wrong? Thanks
Best answer
1) They are arrays, so you need to process them in a loop
2) Your script is at risk of SQL Injection Attack. Have a look at what happened to Little Bobby Tables. Even if you are escaping inputs, it's not safe! Use prepared parameterized statements
3) If the id column is AutoIncrement, you do not need to pass NULL to it; MySQL will handle it automatically
// attempt insert query execution
$sql = "INSERT INTO assignments
            (extension, secret, macaddress, template)
        VALUES (?,?,?,?)";
$result = $link->prepare($sql);
// each posted field is an array; $idx pairs up the values of one row
foreach ($_POST['extension'] as $idx => $extension) {
    $result->bind_param('ssss',
        $extension,
        $_POST['secret'][$idx],
        $_POST['phone'][$idx],
        $_POST['template'][$idx]
    );
    if( $result->execute() ) {
        echo "Records $idx added successfully.";
    } else{
        echo "ERROR: Could not execute $sql. " . $result->error;
        exit;
    }
}
// close connection
mysqli_close($link);
?>
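The answer's loop trusts that every posted field is an array of the same length. The following is an added example, not part of the original question or answer: it checks the shape and content of the posted arrays before the prepared insert and runs the batch in one transaction. The function names `collect_rows` and `insert_rows` and the field patterns are assumptions, the patterns inferred from the print_r sample in the question.

```php
<?php
// Assumed field formats, inferred from the print_r sample in the question.
const FIELD_PATTERNS = [
    'extension' => '/^\d{1,10}\z/',
    'secret'    => '/^[0-9a-f]{32}\z/i',
    'phone'     => '/^[0-9a-f]{12}\z/i',
    'template'  => '/^[\w .-]{1,64}\z/',
];

// Pivot the parallel $_POST arrays into validated rows; throw on bad shape.
function collect_rows(array $post): array
{
    $rows = [];
    foreach (FIELD_PATTERNS as $field => $pattern) {
        if (!isset($post[$field]) || !is_array($post[$field])
            || count($post[$field]) !== count($post['extension'])) {
            throw new InvalidArgumentException("$field: expected one value per row");
        }
        foreach (array_values($post[$field]) as $idx => $value) {
            if (!is_string($value) || !preg_match($pattern, $value)) {
                throw new InvalidArgumentException("$field, row $idx: rejected");
            }
            $rows[$idx][] = $value; // column order follows FIELD_PATTERNS
        }
    }
    return $rows;
}

// Insert every row in one transaction so a failure leaves no partial batch.
function insert_rows(mysqli $link, array $rows): void
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors
    $stmt = $link->prepare('INSERT INTO assignments
        (extension, secret, macaddress, template) VALUES (?,?,?,?)');
    $link->begin_transaction();
    try {
        foreach ($rows as [$ext, $secret, $mac, $template]) {
            $stmt->bind_param('ssss', $ext, $secret, $mac, $template);
            $stmt->execute();
        }
        $link->commit();
    } catch (mysqli_sql_exception $e) {
        $link->rollback();
        throw $e;
    }
}

// Constructed input shaped like the question's print_r output.
print_r(collect_rows(['extension' => ['100'], 'secret' => ['a467ca4044f298eff15a26e59f39fe21'],
    'phone' => ['80828703658A'], 'template' => ['Another 600 Template']]));
```

On a live page, `insert_rows($link, collect_rows($_POST))` would replace the loop; the rollback only has an effect on a transactional storage engine such as InnoDB.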
Regarding php - insert query missing columns, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41861793/