MYSQL PHP表单提交问题
[英]MYSQL PHP form submit issue
问题描述
I have a form with the action of this: 
我有一个与此有关的形式:
foreach ($_POST as $key => $val)
{
mysql_query("INSERT INTO wp_10_options (option_name, option_value) VALUES ($key, $val) ON DUPLICATE KEY UPDATE option_value = $val;");
}
and the actual code in the form is this: 表单中的实际代码是这样的:
$args = array(
'type' => 'post',
'hide_empty' => 0, //<--IMPORTANT!!
'hierarchical' => 1,
'taxonomy' => 'category',
'pad_counts' => false );
$categories = get_categories($args);
foreach($categories as $category) {
echo '<tr>';
echo "<td>$category->name</td>";
$sql = "SELECT option_value FROM wp_10_options WHERE option_name='$category->slug'";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result))
{
echo "<td><input type='text' name='$category->slug' value='".$row['option_value']."' /></td>";
}
echo '</tr>';
}
Yet it adds nothing to the table? 但这没有增加桌子上的东西吗? Can someone see why? 有人知道为什么吗? I have checked and the post data is being sent? 我已经检查过了并且正在发送帖子数据? And it connects to the DB fine? 它连接到数据库很好吗?
Before you all ask, yes I realize the security threats and etc... 在所有人问之前,是的,我意识到了安全威胁等。
1 个解决方案
解决方案1
0 已采纳 2012-05-22 11:03:48
You need to put $key and $val and $val in quotation marks in the SQL for posting to the database. 您需要在SQL中将$ key和$ val和$ val放在引号中,以便发布到数据库。
foreach ($_POST as $key => $val)
{
mysql_query("INSERT INTO wp_10_options (option_name, option_value) VALUES ('$key', '$val') ON DUPLICATE KEY UPDATE option_value = '$val';");
}
You say you know about security threats: see the comment under your question about using PDO/Prepared statements and this problem would magically disappear and make it more secure (and actually be faster for multiple inserts like this!) 您说您了解安全威胁:请参阅您的问题下有关使用PDO / Prepared语句的注释,此问题将神奇地消失并使其更加安全(对于这样的多次插入,实际上速度更快!)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.