PHP Array仅将第一条记录写入MySQL数据库

Question

I have the following code trying to catch up to 15 entries upon submission, however it is only catching the first entry in the database and I am receiving the following error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1.

<?php

for($i = 0; $i < 15; $i++)
{
$tournament = $_POST['tournament'];
$agegroup = $_POST['agegroup'];
$teamname = $_POST['teamname'];
$coach = $_POST['coach'];
$coachaau = $_POST['coachaau'];
$phone = $_POST['phone'];
$email = $_POST['email'];
$astcoach = $_POST['astcoach'];
$astno = $_POST['astno'];
$astphone = $_POST['astphone'];
$astemail = $_POST['astemail'];
$manager = $_POST['manager'];
$managerno = $_POST['managerno'];
$managerphone = $_POST['managerphone'];
$manageremail = $_POST['manageremail'];
$name = $_POST['name'][$i];
$grade = $_POST['grade'][$i];
$bday = $_POST['bday'][$i];
$aauno = $_POST['aauno'][$i];

if(empty($name) || empty($grade) || empty ($bday) || empty ($aauno))
{
echo ' ';
}
elseif(

$result = mysql_query("INSERT INTO roster (tournament, agegroup, teamname, coach, coachaau, phone, email, astcoach, astno, astphone, astemail, manager, managerno, managerphone, manageremail, name, grade, bday, aauno) 
    VALUES ( 
'". mysql_real_escape_string($tournament) .  "', 
'". mysql_real_escape_string($agegroup) .  "', 
'". mysql_real_escape_string($teamname) .  "', 
'". mysql_real_escape_string($coach) .  "', 
'". mysql_real_escape_string($coachaau) .  "', 
'". mysql_real_escape_string($phone) .  "', 
'". mysql_real_escape_string($email) .  "', 
'". mysql_real_escape_string($astcoach) .  "', 
'". mysql_real_escape_string($astno) .  "', 
'". mysql_real_escape_string($astphone) .  "',
'". mysql_real_escape_string($astemail) .  "',  
'". mysql_real_escape_string($manager) .  "', 
'". mysql_real_escape_string($managerno) .  "',
'". mysql_real_escape_string($managerphone) .  "', 
'". mysql_real_escape_string($manageremail) .  "', 
'". mysql_real_escape_string($name) .  "', 
'". mysql_real_escape_string($grade) .  "', 
'". mysql_real_escape_string($bday) .  "', 
'". mysql_real_escape_string($aauno) .  "');"));
@mysql_query($result)or die(mysql_error()); 
};
 ?>

Answer 1

The problem is that you have two mysql_query calls here, and while the first one works on the valid query string, the second - @mysql_query($result) works on its result - ie, string '1'. But you actually don't need that call, as the first query should have already sent the data to DB.

The quick fix would be checking $result itself (instead of @mysql_query($result)or die(mysql_error()); line):

if (!$result) {
    die('Invalid query: ' . mysql_error());
}

Said all that, I'd like to remind you that mysql_query (as whole family of mysql_ functions) is deprecated. If you used PDO or MySQLi, you would be able to use a single prepared statement, filled by new data at each iteration.

Also (kudos to @djot for mentioning that) it's not efficient to extract non-array variables from $_POST again and again, instead of doing it just once - before the loop. This way (if you stay with mysql ) you won't have to escape them each time as well. Actually, I'd use something like that here:

$fieldsToInsert = array('tournament', 'agegroup', 'teamname', ...);
$valuesToInsert = [];
foreach ($fieldsToInsert as $field) {
  if (! isset($_POST[$field])) {
    // actually it's not clear what to do here: 
    // should we signal an error immediately with, or use some fallback value
  }
  else {
    $valuesToInsert[$field] = mysql_real_escape_string($_POST[$field]);
  }
}

This way you'll be able to streamline the code that creates a query as well.