[英]Bulk INSERT foreach statement
I want to bulk insert all POST data without having to individually type each name/field. 我想批量插入所有POST数据,而不必分别键入每个名称/字段。 Is the last line that has the mysql
INSERT
correct? mysql
INSERT
的最后一行正确吗? Also I don't have to reprocess mysql_real_escape_string()
again for the INSERT correct? 另外我也不必再次处理
mysql_real_escape_string()
才能正确插入吗?
if (is_array($_POST['add']))
foreach ($_POST['add'] as $key => $value)
$_POST['add'][$key] = mysql_real_escape_string(stripslashes($value));
mysql_query("UPDATE mem SET m_".$key."='".$value."' WHERE m_id=$id");
.... more code
mysql_query("INSERT INTO meminfo m_".$key." VALUES '".$value."'");
This code is injection-prone. 该代码易于注入。
You have to whitelist your keys for protection. 您必须将密钥列入白名单以进行保护。
Here is a function to produce SET statement for the mysql queries. 这是一个为mysql查询生成SET语句的函数。
function dbSet($fields, $source = array()) {
$set='';
if (!$source) $source = &$_POST;
foreach ($fields as $field) {
if (isset($source[$field])) {
$set.="`$field`='".mysql_real_escape_string($source[$field])."', ";
}
}
return substr($set, 0, -2);
}
used like this 这样使用
$fields = explode(" ","name surname lastname address zip fax phone");
$query = "INSERT INTO $table SET ".dbSet($fields,$_POST['add']);
$fields = array("foo","bar");
$query = "UPDATE $table SET ".dbSet($fields,$_POST['add'])." where id=".intval($id);
You can do something like this: 您可以执行以下操作:
$fields = $values = $set = '';
foreach ($_POST as $key=>$value) {
$fields .= '`fld_' . $key . '`,';
$values .= '"' . mysql_real_escape_string($value) . '",';
$set .= '`fld_' . $key . '` = "' . $mysql_real_escape_string($value) . '",';
}
$fields = substr($fields, 0, -1);
$values = substr($values, 0, -1);
$set = substr($set, 0, -1);
$sql_insert = 'INSERT INTO `table` (' . $fields . ') VALUES (' . $values . ');';
$sql_update = 'UPDATE `table` SET ' . $set . ' WHERE `fld_id`=' . $id . ';';
This code isn't tested, I just wrote it from the top of my head, there could be some errors. 该代码未经测试,我只是从头开始编写,可能会有一些错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.