堆栈内存溢出
  简体   繁体   English

PHP / SQL-在多个字段上插入相同的值

[英]php/sql - insert same value on multiple field

 原文  2013-02-03 19:46:07       php/ mysql

问题描述

I have this code (this is working and pass these variable to another file) 我有此代码(正在工作,并将这些变量传递到另一个文件) 

            var month = "<?php echo openedMonthbid();?>";
    var user = "<?php echo $_SESSION['member_id'];?>";
    var day = new Array();


    $(':checkbox:checked').each(function(i){
    day.push('`' + $(this).val() + '`');  });
    var count = day.length;

                            $.ajax({
                            type: "POST",
                            url: "sendBidding.php",
                            data : "user="+user+"&days="+day+"&month="+month+"&number=",
                            dataType: "json",

sendBidding.php sendBidding.php 

$month = $_POST['month'];
$user = $_POST['user'];
$days = $_POST['days'];
$count = $_POST['count'];//if a check 3 values I get '3'


      mysql_query("INSERT INTO $month ($days) VALUES ('1','1','1')");


    $result = true;

    echo json_encode(array("success"=>$result,
                               "datas" => $data,
                                "mon"=>$month));

I would like to add as many values ('1') as the number of days selected. 我想添加与选择的天数一样多的值('1')。 How can I change VALUES ('1','1','1') ? 如何更改VALUES('1','1','1')?

2 个解决方案

解决方案1
 2 已采纳  2013-02-03 19:57:28

Here's a solution for generating a sequence of identical strings. 这是生成相同字符串序列的解决方案。 Use array_fill() . 使用array_fill() 

$month = $_POST['month'];
$days = $_POST['days'];

// Be sure to whitelist $month and $days before using them in an SQL query!  
// For example, you could store an associative array keyed by month,
// containing lists of the day column names.
$month_table_whitelist = array(
  "month_jan" => array("day1", "day2", "day3", /* etc */),
  "month_feb" => array("day1", "day2", "day3", /* etc */),
  /* etc */
);
if (!array_key_exists($month, $month_table_whitelist)) {
  die("Please specify a valid month.");
}
if (!array_search($days, $month_table_whitelist[$month])) {
  die("Please specify a valid day of month.");
}

$count = $_POST['count'];//if a check 3 values I get '3'

$tuples = array_fill(1, $count, "('1')");

$status = mysql_query("INSERT INTO $month ($days) VALUES ".implode(",", $tuples));
if ($status === false) {
  die(mysql_error());
}

PS: Your query is vulnerable to SQL injection, by interpolating unsafe values $month and $days directly into your query. PS:您的查询很容易受到SQL注入的攻击,方法是将不安全的值$ month和$ days直接插值到查询中。 You should use a whitelist method to ensure these inputs match real table and column names in your database, don't just trust the user input. 您应该使用白名单方法来确保这些输入与数据库中的实际表名和列名匹配,而不仅仅是信任用户输入。

PPS: You should know that you're using the ext/mysql functions, but these are deprecated. PPS:您应该知道您正在使用ext / mysql函数,但是这些函数已被弃用。 If this is a new application, you should start using mysqli or PDO before investing more time into using the deprecated API. 如果这是一个新应用程序,则应先使用mysqli或PDO,然后再投入更多时间使用不推荐使用的API。

解决方案2
 -1  2013-02-03 20:10:41

$count = $_POST['count'];//if a check 3 values I get '3'

$daystatic="('1')";

mysql_query("INSERT INTO $month ($days) VALUES ". $daystatic . str_repeat ( ",$daystatic" , $count-1));

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP + SQL-将主键的值插入同一行中的另一个字段 - PHP + SQL - insert value of primary key to another field in the same row 如何将相同的值插入表sql,php - How to insert same value into to tables sql, php php sql insert multiple - php sql insert multiple PHP-将相同字段插入mysql - PHP - insert same field into mysql PHP MS SQL - 在存储过程中传递多值一个字段 - PHP MS SQL - Multiple value one field pass in a stored procedure 使用SQL / PHP插入多行 - Insert multiple rows with SQL/PHP 使用SQL和PHP进行多个INSERT / UPDATE - Multiple INSERT/UPDATE with SQL and PHP 多次插入SQL查询PHP - multiple insert sql query php 将多个值插入同一表字段 - Insert multiple values to the same table field 插入多个相同的输入名称字段Codeigniter - Insert multiple same input name field codeigniter
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM