I want to INSERT
a set of data submitted by $_POST (in form of array) as
foreach($_POST['data'] as $single) {
$set[]="('static', '$single')";
}
$sets=implode(", ", $set);
mysql_query("INSERT INTO table (Static, Data) VALUES $sets");
Where is the best place to use use mysql_real_escape_string
to avoid SQL injection, as the data are submitted by users.
在去你的第一个foreach之前。
$_POST['data'] = array_map("mysql_real_escape_string", $_POST['data']);
Try with this:
foreach($_POST['data'] as $single)
{
$set[]="('static', mysql_real_escape_string($single))";
}
$sets = implode(", ", $set);
mysql_query("INSERT INTO `table` (`Static`, `Data`) VALUES ".$sets."");
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.