堆栈内存溢出
  简体   繁体   English

批量插入foreach语句

[英]Bulk INSERT foreach statement

 原文  2011-12-09 09:19:43       php/ mysql

问题描述

I want to bulk insert all POST data without having to individually type each name/field. 我想批量插入所有POST数据,而不必分别键入每个名称/字段。 Is the last line that has the mysql INSERT correct? mysql INSERT的最后一行正确吗? Also I don't have to reprocess mysql_real_escape_string() again for the INSERT correct? 另外我也不必再次处理mysql_real_escape_string()才能正确插入吗? 

if (is_array($_POST['add']))
   foreach ($_POST['add'] as $key => $value) 
   $_POST['add'][$key] = mysql_real_escape_string(stripslashes($value));

   mysql_query("UPDATE mem SET m_".$key."='".$value."' WHERE m_id=$id");

.... more code

   mysql_query("INSERT INTO meminfo m_".$key." VALUES '".$value."'");

2 个解决方案

解决方案1
 1 已采纳  2011-12-09 09:33:17

This code is injection-prone. 该代码易于注入。

You have to whitelist your keys for protection. 您必须将密钥列入白名单以进行保护。
Here is a function to produce SET statement for the mysql queries. 这是一个为mysql查询生成SET语句的函数。 

function dbSet($fields, $source = array()) { 
  $set=''; 
  if (!$source) $source = &$_POST; 
  foreach ($fields as $field) { 
    if (isset($source[$field])) { 
      $set.="`$field`='".mysql_real_escape_string($source[$field])."', "; 
    } 
  } 
  return substr($set, 0, -2);  
}

used like this 这样使用 

$fields = explode(" ","name surname lastname address zip fax phone"); 
$query  = "INSERT INTO $table SET ".dbSet($fields,$_POST['add']); 
$fields = array("foo","bar"); 
$query  = "UPDATE $table SET ".dbSet($fields,$_POST['add'])." where id=".intval($id);

解决方案2
 -1  2011-12-09 09:58:35

You can do something like this: 您可以执行以下操作: 

$fields = $values = $set = '';

foreach ($_POST as $key=>$value) {
  $fields .= '`fld_' . $key . '`,';
  $values .= '"' . mysql_real_escape_string($value) . '",';
  $set .= '`fld_' . $key . '` = "'  . $mysql_real_escape_string($value) .  '",';
}

$fields = substr($fields, 0, -1);
$values = substr($values, 0, -1);
$set = substr($set, 0, -1);

$sql_insert = 'INSERT INTO `table` (' . $fields . ') VALUES (' . $values . ');';
$sql_update = 'UPDATE `table` SET ' . $set . ' WHERE `fld_id`=' . $id . ';';

This code isn't tested, I just wrote it from the top of my head, there could be some errors. 该代码未经测试,我只是从头开始编写,可能会有一些错误。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP批量插入foreach - PHP bulk insert foreach 插入语句在foreach语句中不起作用 - Insert statement not working in foreach statement MySQL准备的带有批量插入的语句 - MySQL prepared statement with bulk insert 批量插入而不是foreach循环:Laravel 5.2.31 - Bulk Insert instead of foreach loop: Laravel 5.2.31 如何在 mysql 中使用 foreach 插入查询批量插入数据库 - How to bulk insert to database using foreach insert query in mysql 如何在 PHP 中使用 foreach 语句插入两个值 - How to insert two values with foreach statement in PHP PHP foreach插入语句与数组有关 - PHP foreach insert statement issue with arrays 从复选框插入到MySQL-foreach语句 - INSERT from checkboxes to MySQL - foreach statement PHP准备语句在foreach中插入太多 - PHP prepare statement insert too many in foreach MYSQL PHP Foreach语句仅提交第一个插入到语句 - MYSQL PHP Foreach statement only submitting first insert into statement
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM