堆栈内存溢出
  简体   繁体   English

使用具有不同数据类型的array_implode的数组mysql插入

[英]Array mysql insert using array_implode with different datatype

 原文  2017-10-27 08:52:29       php/ mysql

问题描述

Hi i been trying to inserting array's into MySql database 嗨,我一直试图将数组的插入MySql数据库

The problem i am having is that i have different datatypes and sometime data can be a 0 value, having () curly brackets, percentage value with % sign. 我遇到的问题是我有不同的数据类型,有时数据可以是0值,带有()大括号,带有%符号的百分比值。 I would like to know a way use some already built php function that can deal with this issues. 我想知道一种使用一些已经构建的php函数来处理此问题的方法。

So here is what i have done so far: 所以这是我到目前为止所做的: 

$t = array('country_code' => $data->country_code,   
           'Name' => $data->Name,
           'money' => $data->money,
           'chanceToDie' => $data->death,
           'age' => $cb->age)

/*  FORMAT EXAMPLE
    country_code = Africa (AF)
    name = jack
    chanceToDie = 5.5
    age = 62
*/

$columns = implode(", ",array_keys($t));

//Tried
$values = implode(", ",array_values($t));           //Dont work
$values = "'".implode("', '",array_values($t))."'";     //Dont work

$sql = "INSERT INTO table ($columns) VALUES ($values)";

2 个解决方案

解决方案1
 1 已采纳  2017-10-27 08:59:31

You need to quote each individual value and use array_values() instead of array_keys() : 您需要引用每个单独的值,并使用array_values()而不是array_keys() 

$values = '"' . implode('", "', array_values($t)) . '"';

However , this leaves you with an sql injection problem so you should really use a prepared statement. 但是 ,这给您带来了sql注入问题,因此您实际上应该使用准备好的语句。

In PDO you could use something like (assuming you control the keys and they are safe to use): 在PDO中,您可以使用类似的命令(假设您控制密钥并且可以安全使用): 

$values = ':' . implode(', :', array_keys($t));
// generates: ... VALUES(:country_code, :Name, :money,  // etc

Now you can prepare and execute your query using the array to bind the values to the placeholders. 现在,您可以使用数组准备并执行查询,以将值绑定到占位符。 See for example http://php.net/manual/en/pdo.prepared-statements.php (the 6th example). 参见例如http://php.net/manual/en/pdo.prepared-statements.php (第6个示例)。

解决方案2
 1  2017-10-27 09:10:02

Try to use the advantage of PDO prepared queries - it is more safe and convinient. 尝试利用PDO准备的查询的优势-更安全,更方便。

Your code may look like this: 您的代码可能如下所示: 

$col_names = array_keys($t);
// filter column names before inserting to sql to prevent sql injection
array_filter($col_names, function($v){return preg_relace("@\W@", "_", $v);});
// generate placeholders list: ?,?,?,?
$placeholders = implode(',', array_fill(0, count(t), "?"));
$values = array_values($t);

$q = $pdo->prepare('insert into (' . implode(",", $col_names) . ') values (' . $placeholders . ')');
$q->execute($values);

PDO will deal with data types and correctly replace every placeholder with the corresponding value. PDO将处理数据类型,并用相应的值正确替换每个占位符。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 内爆数组并将动态数据插入mysql数据库 - Implode array and insert dynamic data to mysql database 如何在MySQL中以Implode形式插入数组值 - How to insert array value in Implode form in mysql implode()数组将记录插入到MySQL数据库中 - implode() array to insert record into mySql database 如何放大$ _SESSION ARRAY然后插入Mysql - How to Implode $_SESSION ARRAY then insert into Mysql PHP数组内爆插入 - php array implode for insert 放大字符串并插入数组? - Implode string and insert into array? PHP在数组上使用爆破以格式化SQL插入 - PHP to using implode on an array to format for sql insert 使用数组爆破构建插入查询 - Using array implode for building insert query 如何使用爆破数组更新mysql - How to UPDATE mysql using implode array 在 mysql where in 子句中对数组使用内爆 - using implode for array inside mysql where in clause
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM