Php 使用“mysql\u fetch\u数组”插入数据时出错
我使用PHP和MySQL,我面临的问题是使用MySQL\u fetch\u数组插入数据 这是我与Mysql的连接和显示数据的查询 这张桌子里有两张桌子。1张桌子供展示。1更多用于插入数据 试试这个:Php 使用“mysql\u fetch\u数组”插入数据时出错,php,mysql,Php,Mysql,我使用PHP和MySQL,我面临的问题是使用MySQL\u fetch\u数组插入数据 这是我与Mysql的连接和显示数据的查询 这张桌子里有两张桌子。1张桌子供展示。1更多用于插入数据 试试这个: $sno = mysql_real_escape_string($_POST['s_no'][i]); $cls = mysql_real_escape_string($_POST['class_n'][i]); $att = mysql_real_escape_string($_POST['
$sno = mysql_real_escape_string($_POST['s_no'][i]);
$cls = mysql_real_escape_string($_POST['class_n'][i]);
$att = mysql_real_escape_string($_POST['att'][i]);
$tmp = mysql_real_escape_string($_POST['tmp'][i]);
$sql1="INSERT INTO attendance (s_no, class_n, att, tmp) VALUES ('$sno', '$cls', '$att', '$tmp')";
这是我的尝试。。。。让我知道这是否有帮助。我用一种对我有意义的方法重新组织了它。同样,您真的应该更好地锁定此代码。我只是在和失眠作斗争。。。我认为我不能为这篇文章贡献那么多
<?php
#Use Object-Oriented Programming to open DB
$mysqli = new mysqli("$host", "$username", "$password", "$db_name");
if ( $mysqli->connect_error ) {
die('Connect Error: ' . $mysqli->connect_error);
}
$students=$mysqli->prepare("SELECT * FROM `student` WHERE cls_id = '13'");
$students->execute();
$students->store_result();
$studentslist = $students->fetch_array(MYSQLI_ASSOC);
$count = $stmt->num_rows
?>
表单文档
<form name="form1" method="post" action="">
<?php
foreach ($studentslist as $row=>$rows) {
echo "<tr>"
echo "<td>$rows['s_no']</td>";
echo "<td>$rows['name']</td>";
echo "<td>$rows['ic']</td>";
echo "<td>$rows['cls_id']</td>";
echo "<td><select name='att[]' id='att' style=' width:80px'>";
echo " <option value='1'>Atten</option>";
echo " <option value='2'>Absend</option>";
echo " <option value='3'>MC</option>";
echo "</select></td>";
echo "<input name='class_n[]' type='hidden' id='cls_id' value='$rows['cls_id']>";
echo "<input name='s_no[]' type='hidden' id='name' value='$rows['s_no']>";
echo "<input name='tmp[]' type='hidden' id='name' value='1'>";//???? I DONT UNDERSTAND THIS VALUE
}
$students->close;
?>
<input type='submit' name='submit' value='submit'></td>
</form>
<?php
#SECURE YOUR INPUT/POST PARAMETERS TO ONLY ALLOW FROM THE SERVER ITSELF.
#JUST CHECKING FOR SUBMIT FOR NOW
if(isset($_POST["submit"])) {
$sno = $_POST['s_no'];//CAPTURED ARRAY
$cls = $_POST['class_n'];//CAPTURED ARRAY
$att = $_POST['att']);//CAPTURED ARRAY
$tmp = $_POST['tmp'][i];//CAPTURED ARRAY
for ($i = 0; $i <= count(sno); $i++) {
$insert_stmt = $mysql->prepare("INSERT INTO attendance(s_no, class_n, att, tmp) VALUES (?, ?, ?, ?)")) {
$insert_stmt->bind_param('iiii', mysql_real_escape_string($s_no[$i]), mysql_real_escape_string($class_n), mysql_real_escape_string($att), mysql_real_escape_string($tmp));
// Execute the prepared query.
if (! $insert_stmt->execute()) {
echo "Uh oh! Houston we have a problem!!";
else
//$insert_stmt->affected_rows
// DO Something here....
//$insert_stmt->close
echo "<script>console.log('Affected ".$insert_stmt->affected_rows."');</script>";
}
}
}
?>
如果$submit改为ifisset$\u POST[submit],仍会出现错误。这次注意:未定义的变量:s_no,class_n,att,tmp,因为您必须使用$_POST[]数组来访问这些表单值。请尝试将此$sql1=插入到考勤s_no,class_n,att,tmp值中。$_POST['s_no'][i],'.$_POST['class_n']i],'.$_POST['att']i],'.$_POST['tmp']i];这种方法极易受MySQL注入的影响。您还提供了应用程序目录中的凭据,允许对DB服务器进行横向移动攻击。如果DB服务器未配置为阻止执行,则将允许额外的横向移动。你的整个基础设施都会被这样不安全的代码破坏。。没有错误。还可以插入数据。但是所有数据都是0。您必须检查表单是否正确地传递了数据。转到“查看源”并在浏览器上选中。