PHP表单不从foreach中的数组向db写入值
我有一个表单,它从一个名为question3的输入数组收集信息,然后我将其发布到ProcessPHP页面,它不会向数据库中的comments字段写入任何内容,或者根据我尝试的explode函数,它会将“array”写入所有的comments字段 如有任何建议,将不胜感激 代码如下:PHP表单不从foreach中的数组向db写入值,php,mysql,foreach,Php,Mysql,Foreach,我有一个表单,它从一个名为question3的输入数组收集信息,然后我将其发布到ProcessPHP页面,它不会向数据库中的comments字段写入任何内容,或者根据我尝试的explode函数,它会将“array”写入所有的comments字段 如有任何建议,将不胜感激 代码如下: foreach ($_POST['question3'] as $key3 => $ans3) { $write = (explode(" ",$_POST['question3']));
foreach ($_POST['question3'] as $key3 => $ans3) {
$write = (explode(" ",$_POST['question3']));
echo "</BR>";
mysql_query("UPDATE trn SET comments = '$write' WHERE id = '$key3'");
if (mysql_affected_rows() == 1) {
$sql1 = "SELECT * FROM trn WHERE id = '$key3'";
$res1 = mysql_query($sql1);
while ($row1 = mysql_fetch_assoc($res1)) {
$userid = $row1['usr_id'];
$certificate_name = $row1['certificate_name'];
$comment = $row1['comments'];
} //$row1 = mysql_fetch_assoc($res1)
if ($comment == NULL) {
echo "Successfully updated <font color=blue>$certificate_name</font> to comments = <font color=green>y</font>";
} else {
$sql2 = "SELECT * FROM ex_usrs WHERE id = '$userid'";
$res2 = mysql_query($sql2);
while ($row2 = mysql_fetch_assoc($res2)) {
$fn = $row2['firstname'];
$ln = $row2['lastname'];
} //$row2 = mysql_fetch_assoc($res2)
echo "Successfully updated <font color=blue>$fn $ln</font> to comments = <font color=green>y</font>";
}
} //mysql_affected_rows() == 1
} //$_POST['question'] as $key => $ans
$sql7 = "SELECT * FROM trn WHERE course_id = '$sel_course_id' AND date_1 = '$sel_date_1' and date_2 = '$sel_date_2'";
$res6 = mysql_query($sql7);
while ($row6 = mysql_fetch_assoc($res6)) {
$rowid6 = $row6['id'];
$uid5 = $row6['usr_id'];
$certificate_name5 = $row6['certificate_name'];
$certificate_issued5 = $row6['certificate_issued'];
$comm7 = $row6['comments'];
if ($uid5 == 'x') {
echo "<tr>";
echo "<td>";
$checked7 = "";
if ($comm7 == '') {
$checked7 = "$comm7";
} else {
$checked7 = "$comm7";
}
echo "<input name='question3[$rowid6][]' type='text' style='width: 675px; height: 30px;' type='text' maxlength='160' $checked7 value='$comm7' />$certificate_name5" . " - Not registered on users table";
echo "</td>";
} else {
$sql8 = "SELECT * FROM ex_usrs WHERE id = '$uid5'";
$res7 = mysql_query($sql8);
while ($row7 = mysql_fetch_assoc($res7)) {
$fn6 = $row7['firstname'];
$ln6 = $row7['lastname'];
$com7 = $row7['comments'];
}
$checked8 = "$comm7";
if ($comm7 == '') {
$checked8 = "$comm7";
} else {
$checked8 = "$comm7";
}
echo " <tr>";
echo " <td>";
echo "<input name='question3[$rowid6][]' type='text' style='width: 675px; height: 30px;' type='text' maxlength='160' $checked8 value='$comm7'/>$fn6 $ln6";
echo "</td>";
}
}
echo " </tr>";
echo " </table>";
echo " </td>";
echo " </tr>";
echo " <tr>";
echo " <td> </td>";
echo " <td><input name='Submit1' type='submit' value='submit'></td>";
echo " </tr>";
echo " </table>";
echo "</form>";
$sql7=“从trn中选择*,其中课程id='sel\u课程id'和日期1='sel\u日期1'和日期2='sel\u日期2';
$res6=mysql\u查询($sql7);
而($row6=mysql\u fetch\u assoc($res6)){
$rowid6=$row6['id'];
$uid5=$row6['usr_id'];
$certificate_name 5=$row6['certificate_name'];
$certificate_issued5=$row6['certificate_issued'];
$comm7=$row6['comments'];
如果($uid5=='x'){
回声“;
回声“;
$checked7=“”;
如果($comm7==''){
$checked7=“$comm7”;
}否则{
$checked7=“$comm7”;
}
echo“$certificate_name5.”-未在用户表上注册”;
回声“;
}否则{
$sql8=“从ex_usrs中选择*,其中id='$uid5';
$res7=mysql\u查询($sql8);
while($row7=mysql\u fetch\u assoc($res7)){
$fn6=$row7['firstname'];
$ln6=$row7['lastname'];
$com7=$row7['comments'];
}
$checked8=“$comm7”;
如果($comm7==''){
$checked8=“$comm7”;
}否则{
$checked8=“$comm7”;
}
回声“;
回声“;
回声“$fn6$ln6”;
回声“;
}
}
回声“;
回声“;
回声“;
回声“;
回声“;
回声“;
回声“;
回声“;
回声“;
回声“;
$\u POST['question3']var_dump($_POST['question3'])您有一些巨大的SQL注入漏洞。如果这段代码上线,你第二天就会被黑客入侵。无论如何,请发布print_r($_post['question3'])的输出
(或MiDo要求的var_dump)。如果$\u POST['question3']
是一个数组,为什么需要它:$write=(explode(“,$\u POST['question3'])?确保循环的内容确实是一个数组。无论是实时站点还是内部网站点,您必须始终警惕安全漏洞。您的代码从不检查MySQL错误。
$sql7 = "SELECT * FROM trn WHERE course_id = '$sel_course_id' AND date_1 = '$sel_date_1' and date_2 = '$sel_date_2'";
$res6 = mysql_query($sql7);
while ($row6 = mysql_fetch_assoc($res6)) {
$rowid6 = $row6['id'];
$uid5 = $row6['usr_id'];
$certificate_name5 = $row6['certificate_name'];
$certificate_issued5 = $row6['certificate_issued'];
$comm7 = $row6['comments'];
if ($uid5 == 'x') {
echo "<tr>";
echo "<td>";
$checked7 = "";
if ($comm7 == '') {
$checked7 = "$comm7";
} else {
$checked7 = "$comm7";
}
echo "<input name='question3[$rowid6][]' type='text' style='width: 675px; height: 30px;' type='text' maxlength='160' $checked7 value='$comm7' />$certificate_name5" . " - Not registered on users table";
echo "</td>";
} else {
$sql8 = "SELECT * FROM ex_usrs WHERE id = '$uid5'";
$res7 = mysql_query($sql8);
while ($row7 = mysql_fetch_assoc($res7)) {
$fn6 = $row7['firstname'];
$ln6 = $row7['lastname'];
$com7 = $row7['comments'];
}
$checked8 = "$comm7";
if ($comm7 == '') {
$checked8 = "$comm7";
} else {
$checked8 = "$comm7";
}
echo " <tr>";
echo " <td>";
echo "<input name='question3[$rowid6][]' type='text' style='width: 675px; height: 30px;' type='text' maxlength='160' $checked8 value='$comm7'/>$fn6 $ln6";
echo "</td>";
}
}
echo " </tr>";
echo " </table>";
echo " </td>";
echo " </tr>";
echo " <tr>";
echo " <td> </td>";
echo " <td><input name='Submit1' type='submit' value='submit'></td>";
echo " </tr>";
echo " </table>";
echo "</form>";