糟糕:[php]foreach?
无法将数据插入表中 这是一个必须插入数据库的文件示例。文件get通过一个简单的表单上传到服务器糟糕:[php]foreach?,php,mysql,json,Php,Mysql,Json,无法将数据插入表中 这是一个必须插入数据库的文件示例。文件get通过一个简单的表单上传到服务器 { “FileName”: “XXXX", “Code”: “11112233", “Contacts”: [ { “rowId” => '', “TicketId” => "xxxxxxxxxxxx", “otherId” => "YYYYYYYYYYYYYYYYYYYYYYY",
{
“FileName”: “XXXX",
“Code”: “11112233",
“Contacts”: [
{
“rowId” => '',
“TicketId” => "xxxxxxxxxxxx",
“otherId” => "YYYYYYYYYYYYYYYYYYYYYYY",
“ClientId” => "wwwwwwwwwwwwwwwwwwwwwwwwwww",
“Name” => "MARCELLO",
“LName” => "MARCELLO",
“Phone” => "4315415151434",
“ADDRESS” => "hhhhhvofvofvvv",
“Mail” => "dfwfwf@fwes.fd"
},
{
“rowId” => '',
“TicketId” => "xxxxxxxxxxxx",
“otherId” => "YYYYYYYYYYYYYYYYYYYYYYY",
“ClientId” => "wwwwwwwwwwwwwwwwwwwwwwwwwww",
“Name” => "MARCELLO",
“LName” => "MARCELLO",
“Phone” => "4315415151434",
“ADDRESS” => "hhhhhvofvofvvv",
“Mail” => "dfwfwf@fwes.fd"
}
]
}
在主页中,我包含了连接到数据库的脚本
我确信它是有效的,通常用于我的网络作品的所有其他页面
$host = "localhost";
$db_user = "xxxx";
$db_pw = "xxxxx";
$db_name = "xxxxx";
// connessione
try {
// stringa di connessione al DBMS
$connessione = new PDO("mysql:host=$host;dbname=$db_name", $db_user, $db_pw);
// impostazione dell'attributo per il report degli errori
$connessione->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
// notifica in caso di errore nel tentativo di connessione
echo "Errore:" .$e->getMessage();
die();
}
这是我上传页面代码的一部分,它并没有给我带来魔力:
$file = file_get_contents($filejson);
if(!function_exists('json_decode')) die('Il server non ha tale funzione');
$result = json_decode($file, true);
foreach ($result as $row){
$sql = "INSERT INTO ibl_Anag (TicketId,otherId,ClientId,Name,LName,MobPhone,Phone,address,mail)
VALUES ('".$row["TicketId"]."'
,'".$row["otherId"]."'
,'".$row["ClientId"]."'
,'".$row["Name"]."'
,'".$row["LName"]."'
,'".$row["Phone"]."'
,'".$row["MainPhone"]."'
,'".$row["address"]."'
,'".$row["mail"]."' )";
$stmt=$connessione->prepare($sql);
$stmt->execute();
if(!$stmt){Echo "la insert non ha funzionato";}
}
我没有从代码中得到错误,但是数据没有插入到mysql表中。也许我在脚本的逻辑上做错了什么,但我不明白在哪里。谁能帮帮我吗。谢谢。 < P>你需要考虑以下内容:
- 使用参数化的prepared语句。这将帮助您消除错误用户输入的错误。在语句中指定占位符(
),准备此语句一次,将值绑定到参数并多次执行该语句李>?
- 您的
无效(如问题中所述)。使用有效的JSON
并从该JSON
中读取JSON
数组以执行您的语句。另外,您的“Contacts”
中没有JSON
,“MainPhone”
是“address”
“address”
<?php
# Connection
$host = "localhost";
$db_user = "xxxx";
$db_pw = "xxxxx";
$db_name = "xxxxx";
try {
$connessione = new PDO("mysql:host=$host;dbname=$db_name", $db_user, $db_pw);
$connessione->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo "Errore:" .$e->getMessage();
die();
}
# Data
$file = file_get_contents($filejson);
if (!function_exists('json_decode')) {
die('Il server non ha tale funzione');
}
$result = json_decode($file, true);
# Prepare and execute statement
try {
$sql =
"INSERT INTO ibl_Anag (TicketId,otherId,ClientId,Name,LName,MobPhone,Phone,address,mail)
VALUES (?,?,?,?,?,?,?,?,?)";
$stmt = $connessione->prepare($sql);
foreach ($result["Contacts"] as $row) {
$ticketId = $row["TicketId"];
$otherId = $row["otherId"];
$clientId = $row["ClientId"];
$name = $row["Name"];
$lname = $row["LName"];
$mobPhone = $row["Phone"];
$phone = $row["Phone"];
$address = $row["ADDRESS"];
$mail = $row["mail"];
$stmt->BindParam(1, $ticketId);
$stmt->BindParam(2, $otherId);
$stmt->BindParam(3, $clientId);
$stmt->BindParam(4, $name);
$stmt->BindParam(5, $lname);
$stmt->BindParam(6, $mobPhone);
$stmt->BindParam(7, $phone);
$stmt->BindParam(8, $address);
$stmt->BindParam(9, $mail);
if (!$stmt->execute()) {
echo "la insert non ha funzionato";
}
}
} catch(PDOException $e) {
echo "Errore:" .$e->getMessage();
die();
}
?>
要正确使用准备好的语句,需要在SQL语句中指定占位符,并在执行语句之前将变量绑定到该语句。美妙之处在于,只需在循环外创建一次
prepared语句
,然后通过更改命名变量的赋值即可在循环中执行多次。下面的代码还没有经过测试,但应该可以指导您实现最终目标
下面的代码使用的是mySQLi
——如果使用PDO
,则可以使用类似的方法,但变量在分配给bindParam
等之前应该存在,即使是空变量
$sql='insert into ibl_anag
( `ticketid`,`otherid`,`clientid`,`name`,`lname`,`mobphone`,`phone`,`address`,`mail` )
values
(?,?,?,?,?,?,?,?,?)';
$stmt=$connessione->prepare( $sql );
if( $stmt ){
/*
assumed that fields named as ID are integers,
other firlds are strings
*/
$stmt->bind_params( 'iiissssss', $tid,$oid,$cid,$name,$lname,$mob,$phone,$addr,$email );
$json = json_decode( file_get_contents( $filejson ) );
foreach( $json as $obj ){
$tid=$obj->TicketId;
$oid=$obj->otherId;
$cid=$obj->ClientId;
$name=$obj->Name;
$lname=$obj->LName;
$mob=$obj->Phone;
$phone=$obj->MainPhone;
$addr=$obj->address;
$email=$obj->mail;
$stmt->execute();
}
$stmt->close();
}
对于PDO
,您可以尝试以下操作:
$sql='insert into ibl_anag
( `ticketid`,`otherid`,`clientid`,`name`,`lname`,`mobphone`,`phone`,`address`,`mail` )
values
(:tid,:oid,:cid,:name,:lname,:mob,:phone,:addr,:email)';
$stmt=$connessione->prepare( $sql );
if( $stmt ){
$json = json_decode( file_get_contents( $filejson ) );
foreach( $json as $obj ){
$stmt->execute(array(
':tid' => $obj->TicketId,
':oid' => $obj->otherId,
':cid' => $obj->ClientId,
':name' => $obj->Name,
':lname'=> $obj->LName,
':mob' => $obj->Phone,
':phone'=> $obj->MainPhone,
':addr' => $obj->address,
':email'=> $obj->mail
));
}
}
您的sql完全忽略了准备语句的要点,并且可能存在漏洞。那么应该如何编写sql部分呢?谢谢
$row[“address”]
应该是$row[“address”]
?谢谢,你的例子让我明白了我的错误。
$sql='insert into ibl_anag
( `ticketid`,`otherid`,`clientid`,`name`,`lname`,`mobphone`,`phone`,`address`,`mail` )
values
(:tid,:oid,:cid,:name,:lname,:mob,:phone,:addr,:email)';
$stmt=$connessione->prepare( $sql );
if( $stmt ){
$json = json_decode( file_get_contents( $filejson ) );
foreach( $json as $obj ){
$stmt->execute(array(
':tid' => $obj->TicketId,
':oid' => $obj->otherId,
':cid' => $obj->ClientId,
':name' => $obj->Name,
':lname'=> $obj->LName,
':mob' => $obj->Phone,
':phone'=> $obj->MainPhone,
':addr' => $obj->address,
':email'=> $obj->mail
));
}
}