MYSQL PHP form submit issue
Question
I have a form with the action of this:
foreach ($_POST as $key => $val)
{
mysql_query("INSERT INTO wp_10_options (option_name, option_value) VALUES ($key, $val) ON DUPLICATE KEY UPDATE option_value = $val;");
}
and the actual code in the form is this:
$args = array(
'type' => 'post',
'hide_empty' => 0, //<--IMPORTANT!!
'hierarchical' => 1,
'taxonomy' => 'category',
'pad_counts' => false );
$categories = get_categories($args);
foreach($categories as $category) {
echo '<tr>';
echo "<td>$category->name</td>";
$sql = "SELECT option_value FROM wp_10_options WHERE option_name='$category->slug'";
$result = mysql_query($sql);
while($row = mysql_fetch_array($result))
{
echo "<td><input type='text' name='$category->slug' value='".$row['option_value']."' /></td>";
}
echo '</tr>';
}
Yet it adds nothing to the table? Can someone see why? I have checked and the post data is being sent? And it connects to the DB fine?
Before you all ask, yes I realize the security threats and etc...
1 answers
solution1
0 ACCPTED 2012-05-22 11:03:48
You need to put $key and $val and $val in quotation marks in the SQL for posting to the database.
foreach ($_POST as $key => $val)
{
mysql_query("INSERT INTO wp_10_options (option_name, option_value) VALUES ('$key', '$val') ON DUPLICATE KEY UPDATE option_value = '$val';");
}
You say you know about security threats: see the comment under your question about using PDO/Prepared statements and this problem would magically disappear and make it more secure (and actually be faster for multiple inserts like this!)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.