[英]PHP: How to grab an array checkbox value and then insert each individual result into a database query?
I have a form that has a checkbox list generated dynamically: name="cursoID[]"
Each value correspond to cursoID ( $curso['cursoID']
), which is a value taken from a mySQL SELECT
query that shows me a list of items IDs. 我有一个动态生成复选框列表的表单:
name="cursoID[]"
每个值对应于cursoID( $curso['cursoID']
),这是一个取自mySQL SELECT
查询的值,显示了一个列表物品ID。
The user may select N number of items, and I need to take each one of those (ie. $cursoID = $_POST['cursoID'];
) in order to save them into an INSERT
query. 用户可以选择N个项目,我需要采用其中的每个项目(即
$cursoID = $_POST['cursoID'];
)以便将它们保存到INSERT
查询中。
In the form, I generate each item with a while loop: 在表单中,我使用while循环生成每个项目:
<?php
$conectar = mysqli_connect(HOST, USER, PASS, DATABASE);
$query = " SELECT cursoID, nombreCurso, cursoFechaInicio, modalidadCurso, estadoCurso
FROM cursos
WHERE estadoCurso='abierto'";
$buscarCurso = mysqli_query($conectar,$query);
echo '<div class="checkbox">';
while ($curso=mysqli_fetch_assoc($buscarCurso)) {
echo '<input type="checkbox" name="cursoID[]" value="'.$curso['cursoID'].'">'.$curso['nombreCurso'];
}
echo '</div>';
?>
My database consultation in order to insert that field is a simple select: 我的数据库咨询,以插入该字段是一个简单的选择:
INSERT INTO cursosUsuarios
(userID, cursoID)
VALUES
('$userID', '$cursoID')
I have no issues with $userID, as is a single value. $ userID没有问题,单个值也是如此。
How may I use $cursoID = $_POST['cursoID']
to add it to the database? 我如何使用
$cursoID = $_POST['cursoID']
将其添加到数据库中? I've been reading some other questions (like this one , or this other one ), but couldn't manage to apply it to my case, as I don't know how would I insert it into the database. 我一直在阅读一些其他问题(如这一个 ,或这另外一个 ),但无法管理将它应用到我的情况,因为我不知道我将如何将它插入到数据库中。
I dk how to use mysqli_* so i'll write in PDO. 我dk如何使用mysqli_ *所以我会写在PDO中。 If i could understand correctly this's what u need.
如果我能正确理解这就是你需要的东西。
ps: Security ignored. ps:安全性被忽略了。
$cursors = $_POST['cursorID'];
$user = $_POST['user'];
foreach ($cursors as $cursor) {
$query = $DB->prepare('INSERT INTO table (user, cursor) VALUES (:user, :cursor)');
$query->bindValue(':user', $user, PDO::PARAM_INT);
$query->bindValue(':cursor', $cursor, PDO::PARAM_INT);
$query->execute();
}
There's two main ways you can insert a variable amount of data into your database: 您可以通过两种主要方式将可变数量的数据插入数据库:
Like so: 像这样:
$fields = array();
$values = array();
$fields[] = 'field1';
$fields[] = 'field2';
...
$values[] = 1;
$values[] = 2;
...
$query = 'INSERT INTO table (' . implode(', ', $fields) . ') VALUES (' . implode(',', $values) . ')';
// Execute $query
or: 要么:
Like so (if your checkboxes are named "cursoID[]", the corresponding POST variable will be an array, and you can use anything that'll work with arrays): 像这样(如果您的复选框名为“cursoID []”,相应的POST变量将是一个数组,您可以使用任何可用于数组的东西):
$userID_int = (int)$userID;
foreach ($_POST['cursoID'] as $singleID) {
$singleID_int = (int)$singleID;
// Execute: INSERT INTO cursosUsuarios (userID, cursoID) VALUES ('$userID_int', '$singleID_int')
}
However, be very careful - at the moment, your code is vulnerable to SQL injections (for example, if $_POST['cursoID'] is set to something like 但是,要非常小心 - 目前,您的代码很容易受到SQL注入的攻击(例如,如果将$ _POST ['cursoID']设置为类似
'; DROP DATABASE X
you might - depending on your configuration - allow someone to do a lot of nasty stuff, ranging from bypassing your logins to removing your database. 您可能 - 根据您的配置 - 允许某人做很多令人讨厌的事情,从绕过您的登录到删除您的数据库。 As such, I would recommend taking a step back and looking into how you can parameterize your queries, so you don't have to worry about a hostile visitor injecting data in your SQL query.
因此,我建议退一步,研究如何参数化您的查询,这样您就不必担心恶意访问者在SQL查询中注入数据。 See, for example, this answer .
例如,请参阅此答案 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.