[英]How to insert data into table taking table name value from form?
<? if($_POST['submit'])
{ $taskSelect =$_POST['taskOption'];
$sql =array();
foreach($_POST['task'] as $key => $value){
$sql[] =mysql_real_escape_string($value);
}
$ab ="INSERT INTO" .$taskSelect. "(u_id,task) VALUES ('".$_SESSION['id']."','".implode(',', $sql)."')";
}
$asc =mysql_query($ab);
?>
HTML HTML
Is it possible to do so , As i've tried this but no value is being inserted into table when I'm using table name taken from form? 有可能这样做吗,正如我尝试过的那样,但是当我使用取自表格的表名时,没有值插入表中?
<select name="taskOption">
<option value="today">Today</option>
<option value="weekly">Weekly</option>
<option value="month">Monthly</option>
</select>
You miss some spaces: 您会错过一些空格:
$ab ="INSERT INTO" .$taskSelect. "(u_id,task) VALUES ('".$...
should be 应该
$ab ="INSERT INTO " .$taskSelect. " (u_id,task) VALUES ('".$...
That being said, do not use mysql_*
anymore, read up on prepared statements and input validation. 话虽这么说,不要再使用mysql_*
了,阅读准备好的语句并进行输入验证。 You are wide open to SQL injection right now. 您现在随时可以进行SQL注入。
您必须在INTO之后和“
$ab ="INSERT INTO " .$taskSelect. "(u_id,task) VALUES ('".$_SESSION['id']."','".implode(',', $sql)."')";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.