php:如何将大表单数据插入到mysql中
[英]php: how to insert large form data into mysql
问题描述
I am trying to insert a data from a form which has about 1990 characters into mysql.
我试图从一个大约有 1990 个字符的表单中插入一个数据到 mysql 中。 How ever the insert is not working.如何插入不起作用。 when i var_damp the content of the variable is shows the correct content.当我 var_damp 变量的内容显示正确的内容时。 When i set it to an empty string the insert works.当我将它设置为空字符串时,插入工作。 I have done my research and still can't get ti to work.我已经完成了我的研究,但仍然无法让 ti 工作。 I am not trying to upload a file.我不是要上传文件。 This characters are from a textarea in my form.这些字符来自我表单中的文本区域。
Below is the insert code:下面是插入代码:
if (isset($_POST['val'])) {
$score = $_POST['val'];
$course = $_POST['course'];
$mysqli->query("INSERT INTO `evaluate` (`id`, `course`, `score`) VALUES (Null, '$course', '$score')");
Note: is score column has type TEXT in the database.注意:score 列在数据库中的类型为 TEXT。
2 个解决方案
解决方案1
1 已采纳 2016-04-24 00:03:40
This is a common problem because most introductions to mysqli don't cover it right away even when it should be the first thing you learn.这是一个常见问题,因为大多数mysqli介绍并没有立即涵盖它,即使它应该是您学习的第一件事。 Inserting into any database, especially SQL, requires carefully escaping the values you're supplying.插入任何数据库,尤其是 SQL,需要小心地转义您提供的值。 The way these are escaped varies depending on the platform, but the good news is that mysqli can handle it for you.这些转义的方式因平台而异,但好消息是mysqli可以为您处理。
The key is using prepared statements :关键是使用准备好的语句:
$stmt = $mysqli->prepare("INSERT INTO evaluate (course, score) VALUES (?,?)");
$stmt->bind_param('ss', $_POST['course'], $_POST['val']);
$stmt->execute();
Now it's best to enable exceptions so that any errors are not ignored.现在最好启用异常,以免忽略任何错误。 Once in a while we all make little mistakes that can be a giant pain to track down if there isn't any warning about them.偶尔我们都会犯一些小错误,如果没有任何警告,追踪这些错误可能会非常痛苦。 Exceptions make a lot of noise.异常会产生很大的噪音。
If you're just getting started with PHP and databases, you might want to evaluate using PDO which is significantly better than mysqli for a number of reasons, or a higher level database layer like Doctrine or Propel which make using the database a lot more pleasant.如果您刚刚开始使用 PHP 和数据库,您可能想要评估使用PDO ,出于多种原因,它明显优于mysqli ,或者使用更高级别的数据库层,如Doctrine或Propel ,这使得使用数据库更加愉快.
解决方案2
0 2016-04-23 23:15:19
I have a single quote (') in the text and not escaping it meant that the SQL statement was been interpreted wrongly我在文本中有一个单引号 (') 并且没有转义这意味着 SQL 语句被错误地解释
The correct way to go, and you must always do this, is:正确的方法,你必须始终这样做,是:
$score = $mysqli->real_escape_string($_POST['val']); $course = $mysqli->real_escape_string($_POST['course']); $mysqli->query("INSERT INTO $score = $mysqli->real_escape_string($_POST['val']); $course = $mysqli->real_escape_string($_POST['course']); $mysqli->query("INSERT INTO evaluate ( id , course , score )VALUES (Null, '$course', '$score')"); $score = $mysqli->real_escape_string($_POST['val']); $course = $mysqli->real_escape_string($_POST['course']); $mysqli->query("INSERT INTO ( id , course , score )VALUES (Null, '$course', '$score')");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.