[英]MySQL query php variable in variable?
I have a PHP function that makes a query to MySQL DB. 我有一个PHP函数,可以查询MySQL数据库。
function regEvent($event, $l)
{
$sqlz_upd="UPDATE {$event} SET f1a='$_POST[F1A"'.$l.'"]'";
The question is what is the syntax to use variable $l in $_POST[F1A$l]? 问题是在$ _POST [F1A $ l]中使用变量$ l的语法是什么?
$condition = $_POST["F1A" . $l];
$sqlz_upd="UPDATE {$event} SET f1a='".mysql_real_escape_string($condition)."'";
This is how to use your dynamic post and be safe for Sql Injection. 这是使用动态帖子并确保SQL注入安全的方法。
Here you go: 干得好:
$var = mysql_real_escape_string($_POST["F1A".$l]);
$sqlz_upd="UPDATE {$event} SET f1a='$var' ";
if you are using a string as key in an associative array. 如果您使用字符串作为关联数组中的键。 It should be enclosed in single or double quotes(though PHP won't give any error).
它应该用单引号或双引号引起来(尽管PHP不会给出任何错误)。
ie $_POST['F1A'. $l] or $_POST["F1A$l"]
即
$_POST['F1A'. $l] or $_POST["F1A$l"]
$_POST['F1A'. $l] or $_POST["F1A$l"]
my suggestion will be... 我的建议是
$sqlz_upd="UPDATE {$event} SET f1a='" . $_POST["F1A$l"] . "'";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.