[英]php/sql - insert same value on multiple field
I have this code (this is working and pass these variable to another file) 我有此代码(正在工作,并将这些变量传递到另一个文件)
var month = "<?php echo openedMonthbid();?>";
var user = "<?php echo $_SESSION['member_id'];?>";
var day = new Array();
$(':checkbox:checked').each(function(i){
day.push('`' + $(this).val() + '`'); });
var count = day.length;
$.ajax({
type: "POST",
url: "sendBidding.php",
data : "user="+user+"&days="+day+"&month="+month+"&number=",
dataType: "json",
sendBidding.php sendBidding.php
$month = $_POST['month'];
$user = $_POST['user'];
$days = $_POST['days'];
$count = $_POST['count'];//if a check 3 values I get '3'
mysql_query("INSERT INTO $month ($days) VALUES ('1','1','1')");
$result = true;
echo json_encode(array("success"=>$result,
"datas" => $data,
"mon"=>$month));
I would like to add as many values ('1') as the number of days selected. 我想添加与选择的天数一样多的值('1')。 How can I change VALUES ('1','1','1') ?
如何更改VALUES('1','1','1')?
Here's a solution for generating a sequence of identical strings. 这是生成相同字符串序列的解决方案。 Use
array_fill()
. 使用
array_fill()
。
$month = $_POST['month'];
$days = $_POST['days'];
// Be sure to whitelist $month and $days before using them in an SQL query!
// For example, you could store an associative array keyed by month,
// containing lists of the day column names.
$month_table_whitelist = array(
"month_jan" => array("day1", "day2", "day3", /* etc */),
"month_feb" => array("day1", "day2", "day3", /* etc */),
/* etc */
);
if (!array_key_exists($month, $month_table_whitelist)) {
die("Please specify a valid month.");
}
if (!array_search($days, $month_table_whitelist[$month])) {
die("Please specify a valid day of month.");
}
$count = $_POST['count'];//if a check 3 values I get '3'
$tuples = array_fill(1, $count, "('1')");
$status = mysql_query("INSERT INTO $month ($days) VALUES ".implode(",", $tuples));
if ($status === false) {
die(mysql_error());
}
PS: Your query is vulnerable to SQL injection, by interpolating unsafe values $month and $days directly into your query. PS:您的查询很容易受到SQL注入的攻击,方法是将不安全的值$ month和$ days直接插值到查询中。 You should use a whitelist method to ensure these inputs match real table and column names in your database, don't just trust the user input.
您应该使用白名单方法来确保这些输入与数据库中的实际表名和列名匹配,而不仅仅是信任用户输入。
PPS: You should know that you're using the ext/mysql functions, but these are deprecated. PPS:您应该知道您正在使用ext / mysql函数,但是这些函数已被弃用。 If this is a new application, you should start using mysqli or PDO before investing more time into using the deprecated API.
如果这是一个新应用程序,则应先使用mysqli或PDO,然后再投入更多时间使用不推荐使用的API。
$count = $_POST['count'];//if a check 3 values I get '3'
$daystatic="('1')";
mysql_query("INSERT INTO $month ($days) VALUES ". $daystatic . str_repeat ( ",$daystatic" , $count-1));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.