[英]error inserting query strings into db php-mysql
code updated
代码已更新
i have a table called vote with three fields ans_1,ans_2,ans_3 query strings number is 2 or 3 according to answers the admin is going to save so they look like this ?1=aaa&2=bbb or ?1=aaa&2=bbb&3=ccc my point is to save every query string in a column so i use the code below but it keeps using the last value of the query string only 我有一个名为vote的表,其中包含三个字段ans_1,ans_2,ans_3,根据管理员要保存的答案,查询字符串数为2或3,因此它们看起来像这样吗?1 = aaa&2 = bbb或?1 = aaa&2 = bbb&3 = ccc我的观点是将每个查询字符串保存在列中,因此我使用下面的代码,但它仅使用查询字符串的最后一个值
$queries = $_SERVER['QUERY_STRING'];
$answers = explode("&",$queries );
$num = count($answers);
foreach($answers as $val){
$chars= strlen($val);
$test = substr($val,2,$chars-2);
for($x=1; $x<=$num; $x++){
$Q = "update vote set ans_'$x' = '$test' where Vote_ID = '1'";
$R = mysql_query($Q);
if($R) { echo "done"; } else { echo mysql_errno(); }
}
}
If you have dynamic columns for which you are substituting $x
, do not enclose $x
in quotes: 如果您有要替换
$x
动态列,请不要将$x
括在引号中:
$Q = "update vote set ans_$x = '$test' where Vote_ID = '1'";
Please be sure to escape the contents of $_SERVER['QUERY_STRING']
with mysql_real_escape_string()
. 请确保使用
mysql_real_escape_string()
对$_SERVER['QUERY_STRING']
的内容进行转义。
$test = mysql_real_escape_string($test);
The proper way to parse a query string in PHP is with parse_str()
, rather than attempting to explode()
on the &
. 在PHP中解析查询字符串的正确方法是使用
parse_str()
,而不是尝试对&
进行explode()
。
$queryvars = array();
$parse_str($_SERVER['QUERY_STRING'], $queryvars);
foreach ($queryvars as $key=>$value) {
// do the loop
}
However, since you are grabbing the whole query string, and not filtering any specific variables, why not just use $_GET
? 但是,由于要获取整个查询字符串,而不是过滤任何特定的变量,为什么不只使用
$_GET
呢?
$x = 0;
foreach ($_GET as $key=>$value) {
// do the loop...
$test = mysql_real_escape_string($value);
$Q = "update vote set ans_'$x' = '$test' where Vote_ID = '1'";
$x++;
}
To help you understand why your code isn't working, I'll modify it here. 为了帮助您了解代码为何无法正常运行,我将在此处进行修改。 However, this is not the preferred method of performing this task.
但是,这不是执行此任务的首选方法。 Using
foreach($_GET)
as above is much better. 如上所述使用
foreach($_GET)
更好。 Indenting the loop properly will help reveal the problem: 适当缩进循环将有助于揭示问题:
$queries = $_SERVER['QUERY_STRING'];
$answers = explode("&",$queries );
$num = count($answers);
// Your foreach loops over the available querystring params:
// Start by initializing $x to 0
$x = 0;
foreach($answers as $val){
$chars= strlen($val);
$test = substr($val,2,$chars-2);
// You are already inside the foreach loop, so
// you don't want to start another loop which uses the same value for $test
// on each iteration. Instead $x was set to 0 before the outer foreach...
// There is no need for an inner loop.
//for($x=1; $x<=$num; $x++){
// On first iter here, $x is 0. Increments at the end of the loop iter.
$Q = "update vote set ans_$x = '$test' where Vote_ID = '1'";
$R = mysql_query($Q);
if($R) {
echo "done";
} else {
echo mysql_errno();
}
// On each iteration, increment $x here.
$x++;
//} // the inner for loop, commented out...
}
You need to remove the single quotes. 您需要删除单引号。 Try:
尝试:
$Q = "update vote set ans_$x = '$test' where Vote_ID = '1'";
删除变量周围的引号..如果要获取查询的值,可能要使用mysql_real_escape_string
。
$Q = "update vote set `ans_$x` = '" . mysql_real_escape_string($test) . "' where Vote_ID = '1'";
My suggestion would be to not use SQL/PHP in this method. 我的建议是不要在此方法中使用SQL / PHP。
However to answer why it is not working, you cannot use a PHP variable to set the column in a query as you currently have it. 但是,要回答为什么它不起作用,您不能使用PHP变量来设置当前查询中的列。
You would need to change $Q = "update vote set ans_'$x' = '$test' where Vote_ID = '1'";
您需要更改
$Q = "update vote set ans_'$x' = '$test' where Vote_ID = '1'";
to: 至:
$Q = "update vote set ans_$x = '$test' where Vote_ID = '1'";
Be sure to sanitize the user input for the type of data you are expecting. 确保清除用户输入中所需的数据类型。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.