将查询字符串插入数据库php-mysql时出错

Question

code updated

i have a table called vote with three fields ans_1,ans_2,ans_3 query strings number is 2 or 3 according to answers the admin is going to save so they look like this ?1=aaa&2=bbb or ?1=aaa&2=bbb&3=ccc my point is to save every query string in a column so i use the code below but it keeps using the last value of the query string only

$queries = $_SERVER['QUERY_STRING'];
$answers = explode("&",$queries );
$num = count($answers);
foreach($answers as $val){
$chars= strlen($val);
$test = substr($val,2,$chars-2);
for($x=1; $x<=$num; $x++){
    $Q = "update vote set ans_'$x' = '$test' where Vote_ID = '1'";
    $R = mysql_query($Q);
    if($R) { echo "done"; } else { echo mysql_errno(); }    
    }
}

Answer 1

If you have dynamic columns for which you are substituting $x , do not enclose $x in quotes:

$Q = "update vote set ans_$x = '$test' where Vote_ID = '1'";

Please be sure to escape the contents of $_SERVER['QUERY_STRING'] with mysql_real_escape_string() .

$test = mysql_real_escape_string($test);

The proper way to parse a query string in PHP is with parse_str() , rather than attempting to explode() on the & .

$queryvars = array();
$parse_str($_SERVER['QUERY_STRING'], $queryvars);
foreach ($queryvars as $key=>$value) {
   // do the loop
}

However, since you are grabbing the whole query string, and not filtering any specific variables, why not just use $_GET ?

$x = 0;
foreach ($_GET as $key=>$value) {
   // do the loop...
   $test = mysql_real_escape_string($value);
   $Q = "update vote set ans_'$x' = '$test' where Vote_ID = '1'";
   $x++;
}

Update

To help you understand why your code isn't working, I'll modify it here. However, this is not the preferred method of performing this task. Using foreach($_GET) as above is much better. Indenting the loop properly will help reveal the problem:

$queries = $_SERVER['QUERY_STRING'];
$answers = explode("&",$queries );
$num = count($answers);

// Your foreach loops over the available querystring params:
// Start by initializing $x to 0
$x = 0;
foreach($answers as $val){
  $chars= strlen($val);
  $test = substr($val,2,$chars-2);

  // You are already inside the foreach loop, so
  // you don't want to start another loop which uses the same value for $test
  // on each iteration.  Instead $x was set to 0 before the outer foreach...
  // There is no need for an inner loop.
  //for($x=1; $x<=$num; $x++){
    // On first iter here, $x is 0. Increments at the end of the loop iter.
    $Q = "update vote set ans_$x = '$test' where Vote_ID = '1'";
    $R = mysql_query($Q);
    if($R) {
      echo "done"; 
    } else { 
      echo mysql_errno(); 
    }
    // On each iteration, increment $x here.
    $x++;
  //} // the inner for loop, commented out...
}

Answer 2

You need to remove the single quotes. Try:

$Q = "update vote set ans_$x = '$test' where Vote_ID = '1'";

Answer 3

删除变量周围的引号..如果要获取查询的值，可能要使用mysql_real_escape_string 。

$Q = "update vote set `ans_$x` = '" . mysql_real_escape_string($test) . "' where Vote_ID = '1'";

Answer 4

My suggestion would be to not use SQL/PHP in this method.

However to answer why it is not working, you cannot use a PHP variable to set the column in a query as you currently have it.

You would need to change $Q = "update vote set ans_'$x' = '$test' where Vote_ID = '1'"; to:

$Q = "update vote set ans_$x = '$test' where Vote_ID = '1'";

Be sure to sanitize the user input for the type of data you are expecting.