
Cannot insert character into mysql column from array

I have the following code in order to capture data from the previous page. It's working fine, the data is passing through; the only problem is the one variable that contains characters ($itemName). I simply cannot insert it into the MySQL column. It's not the type setting or the character set. I suspect it's something to do with the fact that the text is coming from an array. Any ideas?

if(isset($_POST["cantidad"]) && count($_POST['cantidad'])>0) {

    foreach($_POST["cantidad"] as $key => $value) {
        $cantidad = $value;
        $value = $_POST["cantidad"][$key];
        $idItem = $_POST['hiddenField'][$key];
        $itemName = $_POST['hiddenName'][$key];
        $query = "INSERT INTO `inventarioStat` SET `fecha` = $timestamp, `idItem` = $idItem, `nombreItem` = $itemName, `cantidad` = $value";
        ///// this section is to check do data pass true and they do
        echo "<br>";
        echo "value:" . $value . "<br>";
        echo "id:" . $idItem . "<br>";
        echo "name:" . $itemName . "<br>";

         mysql_query($query);
    }     

}

echo "<br>";
$query = "INSERT INTO `inventarioStat` SET `fecha` = $timestamp, `idItem` = $idItem, `nombreItem` = $itemName, `cantidad` = $value";

This line is incorrect and extremely unsafe. The issue is that you are not quoting your strings in the SQL query. You need quotes around the $itemName value.

You also need to be escaping the values here. This code is wide open to SQL injection. If you use it, you will probably get hacked.

Try this:

foreach($_POST["cantidad"] as $key => $value) {
    $cantidad = $value;

    $value = mysql_real_escape_string($_POST["cantidad"][$key]);
    $idItem = mysql_real_escape_string($_POST['hiddenField'][$key]);
    $itemName = mysql_real_escape_string($_POST['hiddenName'][$key]);

    $query = "INSERT INTO `inventarioStat` SET `fecha` = '$timestamp', `idItem` = '$idItem', `nombreItem` = '$itemName', `cantidad` = '$value'";

    mysql_query($query);
}

This code is better, but not perfect. It's safer, but not 100% safe.

You should upgrade to using PDO or MySQLi and prepared statements (PDO docs or MySQLi docs).
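
The prepared-statement approach recommended above, applied to the same loop, as an added example that is not part of the original answer. Assumptions: an in-memory SQLite database through PDO so the script runs offline, a constructed `$post` array standing in for `$_POST`, and a hypothetical helper named `saveInventory`.

```php
<?php
// Added example, not the answer's code. Assumption: in-memory SQLite through PDO
// (pdo_sqlite) so it runs offline; for MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE inventarioStat
            (fecha INTEGER, idItem INTEGER, nombreItem TEXT, cantidad INTEGER)');

// Constructed stand-in for $_POST; the last row carries a non-numeric quantity.
$post = [
    'cantidad'    => ['3', '12', 'abc'],
    'hiddenField' => ['101', '102', '103'],
    'hiddenName'  => ["O'Brien's wrench", 'Tornillo 1/4" x 2', 'Tuerca'],
];

// Hypothetical helper: inserts the valid rows, returns the keys it rejected.
function saveInventory(PDO $pdo, array $post, int $timestamp): array
{
    // Prepared once; each value is bound as data, never spliced into the SQL text.
    $stmt = $pdo->prepare(
        'INSERT INTO inventarioStat (fecha, idItem, nombreItem, cantidad)
         VALUES (:fecha, :idItem, :nombreItem, :cantidad)'
    );
    $rejected = [];
    foreach ($post['cantidad'] ?? [] as $key => $raw) {
        $cantidad = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        $idItem   = filter_var($post['hiddenField'][$key] ?? null, FILTER_VALIDATE_INT);
        $itemName = $post['hiddenName'][$key] ?? null;
        // Hidden form fields are client-controlled, so check types before storing.
        if ($cantidad === false || $idItem === false
            || !is_string($itemName) || $itemName === '') {
            $rejected[] = $key;
            continue;
        }
        $stmt->execute([
            ':fecha'      => $timestamp,
            ':idItem'     => $idItem,
            ':nombreItem' => $itemName,
            ':cantidad'   => $cantidad,
        ]);
    }
    return $rejected;
}

$rejected = saveInventory($pdo, $post, time());
foreach ($pdo->query('SELECT idItem, nombreItem, cantidad FROM inventarioStat') as $row) {
    printf("%d | %s | %d\n", $row['idItem'], $row['nombreItem'], $row['cantidad']);
}
echo 'Rejected keys: ' . implode(', ', $rejected) . "\n";
```

Names containing apostrophes or double quotes are stored unchanged because the driver receives them as parameter values, so no manual quoting or escaping is involved.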
