PHP for循环插入SQL
[英]PHP for loop Insert SQL
问题描述
can you please explain me why this code doesn't insert int the database? 
您能解释一下为什么这段代码没有将int插入数据库吗?
//INSERT VALUES IN ORDERS
$sqlInsert = "";
for($i = 0; $i < count($_SESSION['cart']); $i++)
{
$resSelect = mysqli_fetch_assoc($sqlContent);
$prodID = $resSelect['ProdID'];
$price = $resSelect['Price'];
$quantity = $_SESSION['cart'][$resSelect['ProdID']];
$sum = ($_SESSION['cart'][$resSelect['ProdID']] *
$resSelect['Price']);
$sqlInsert .= "INSERT into Order (ProdID,
Quantity, Price, Sum, OrderID)
VALUES ($prodID, $quantity, $price, $sum, $userID);";
}
mysqli_query($dbLink, $sqlInsert);
that's the output of var_dump($sqlInsert) : 那是var_dump($sqlInsert)的输出:
INSERT INTO Order (ProdID, quantity,
Price, Sum, OrderID) VALUES (1, 4, 200, 800, 10);
INSERT INTO Order (ProdID, quantity,
Price, Sum, OrderID) VALUES (7, 3, 200, 600, 10);
INSERT INTO Order (ProdID, quantity,
Price, Sum, OrderID) VALUES (9, 3, 200, 600, 10);
this works in the database. 这在数据库中有效。 and the output of var_dump(mysqli_query($dbLink, $sqlInsert)) is always false. 并且var_dump(mysqli_query($dbLink, $sqlInsert))的输出始终为false。
Many thanks in Advance 提前谢谢了
2 个解决方案
解决方案1
2 已采纳 2018-06-05 16:13:10
As other comments above have mentioned, you should always check for errors returned by mysqli_query() . 如上述其他注释所述,您应始终检查mysqli_query()返回的错误。 See example code: http://php.net/manual/en/mysqli.error.php 参见示例代码: http : //php.net/manual/en/mysqli.error.php
The mysqli_query() function doesn't support executing multiple statements. mysqli_query()函数不支持执行多个语句。
I do NOT recommend using mysqli_multi_query() . 我不建议使用mysqli_multi_query() 。 There is little or no benefit to using it, and it introduces new potential SQL injection vulnerabilities (like the famous Little Bobby Tables cartoon ). 使用它几乎没有好处,并且它引入了新的潜在SQL注入漏洞(例如著名的Little Bobby Tables卡通 )。 I spoke with the former Director of Engineering for MySQL, and he said (paraphrasing): "There's no reason for multi-query to exist, it can only do harm." 我与MySQL的前工程总监交谈,他说(措辞):“没有理由存在多重查询,它只会造成危害。”
You should execute the INSERT statements one at a time. 您应该一次执行一次INSERT语句。 There's no reason to append multiple statements together. 没有理由将多个语句附加在一起。
If you're concerned about performance overhead of multiple statements, you can append multiple rows to a single INSERT statement. 如果您担心多个语句的性能开销,则可以将多个行附加到单个INSERT语句中。 Or you can wrap a series of individual INSERT statements in a transaction. 或者,您可以在事务中包装一系列单独的INSERT语句。
You might like to read my presentation Load Data Fast! 您可能想阅读我的演示文稿快速加载数据! where I compare the performance of various strategies of inserting many rows of data. 在这里,我比较了插入多行数据的各种策略的性能。
解决方案2
2 2018-06-05 16:45:32
This is exactly what prepared statements are for: 这正是准备好的语句的用途:
// Note that ORDER is a MySQL reserved keyword and needs special escaping
$stmt = $dbLink->prepare("INSERT into `Order` (ProdID,
Quantity, Price, Sum, OrderID) VALUES (?,?,?,?,?)");
$stmt->bind_param('iiddi', $ProdID, $Quantity, $Price, $Sum, $OrderID);
for($i = 0; $i < count($_SESSION['cart']); $i++)
{
$resSelect = $sqlContent->fetch_assoc();
$ProdID = $resSelect['ProdID'];
$Quantity = $_SESSION['cart'][$resSelect['ProdID']];
$Price = $resSelect['Price'];
$Sum = $_SESSION['cart'][$resSelect['ProdID']] * $resSelect['Price'];
$OrderID = $userID;
$stmt->execute();
}
There's an alarmingly high number of errors in that original code that would prevent it from working at all, so you'll need to be more careful in the future and work more methodically towards solutions. 该原始代码中存在大量令人震惊的错误,这些错误将使它根本无法起作用,因此您将来需要更加小心,并更加有条理地寻求解决方案。 Build up incrementally, testing as you go, to be sure you don't get in too deep into a solution you don't fully understand. 逐步建立并进行测试,以确保您不会对尚未完全理解的解决方案过于深入。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.