将PHP数组中的值插入数据库
我有一个PHP数组p_id(购物车)和产品id。我上次插入了订单id。我需要将购物车中的所有产品插入数据库。所有的工作都很好,我只是不能从数组中插入数据。将有相同的订单id,但与数组不同的产品id将PHP数组中的值插入数据库,php,mysql,arrays,database,insert,Php,Mysql,Arrays,Database,Insert,我有一个PHP数组p_id(购物车)和产品id。我上次插入了订单id。我需要将购物车中的所有产品插入数据库。所有的工作都很好,我只是不能从数组中插入数据。将有相同的订单id,但与数组不同的产品id <?php include "connect.php"; $conn = $_SESSION['connection']; $p_ids = array(); $p_ids = $_SESSION['cart']; $name = $_REQUEST["name"]; $surn
<?php
include "connect.php";
$conn = $_SESSION['connection'];
$p_ids = array();
$p_ids = $_SESSION['cart'];
$name = $_REQUEST["name"];
$surname = $_REQUEST["surname"];
$email = $_REQUEST["email"];
$street = $_REQUEST["street"];
$city = $_REQUEST["city"];
$psc = $_REQUEST["psc"];
$phone = $_REQUEST["phone"];
$sql0 = mysqli_query($conn, "SELECT * FROM products WHERE id IN (" . implode(',', array_map('intval', $p_ids)) . ") AND ordered=1") or die(mysqli_error());
$check = mysqli_num_rows($sql0);
if ($check > 0) {
echo "0";
} else {
$sql1 = "INSERT INTO orders VALUES ('', '$name', '$surname', '$email', '$phone', '$street', '$city', '$psc', CURRENT_TIMESTAMP, '', '', '', '')";
if (mysqli_query($conn, $sql1)) {
$last_id = mysqli_insert_id($conn);
$sql2 = mysqli_query($conn, "UPDATE products SET ordered=1 WHERE id IN (" . implode(',', array_map('intval', $p_ids)) . ")") or die(mysqli_error());
for ($i = 0; $i <= count($p_ids); $i++){
there i need insert arrray into DB
}
echo "New record created successfully. Last inserted ID is: " . $last_id;
} else {
echo "Error: " . $sql1 . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
echo "1";
}
?>
使用foreach
循环将每个产品ID插入表中
$stmt = mysqli_prepare($conn, "INSERT INTO order_products (order_id, product_id) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "ii", $last_id, $product_id);
foreach ($p_ids as $product_id) {
mysqli_stmt_execute($stmt);
}
您的代码对SQL注入非常开放,请学习使用参数化查询,而不是替换变量。是的,我现在需要学习它,谢谢:)您有一些关于它的好文章,可以推荐什么?您没有看到右侧相关链接中的首要问题吗?