将数组插入MySQL DB(意外的T_STRING) [英] insert array into MySQL DB (unexpected T_STRING)
本文介绍了将数组插入MySQL DB(意外的T_STRING)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试将数组中的值添加到DB,尝试过许多示例,但仍然没有运气.通过其他方法,我只能将DB的最后一个数组值插入数据库.任何帮助将不胜感激.
I'm trying to add values from array to DB, have tried many variuos examples but still no luck. With other ways I can insert into DB only last array value.. Any help would be appreciated.
$max=count($_SESSION['cart']);
for($i=0;$i<$max;$i++){
$pid=$_SESSION['cart'][$i]['productid'];
$ppid=get_product_id($pid);
$ppav=get_product_name($pid);
$price=get_price($pid);
$date=date('Y-m-d');
$orderid=mysql_insert_id();
$customerid=mysql_insert_id();
$array['cust_id'] = $customerid;
$array['prod_id'] = $ppid;
$array['prod_name'] = $ppav;
$array['price'] = $price;
$array['date'] = $date;
$sql1 = array();
foreach( $array as $row ) {
$sql1[] = '('null', '.$row['cust_id'].', '.$row['prod_id'].', '.$row['prod_name']', '.$row['price'].', '.$row['date'].')';
}
mysql_query('INSERT INTO orders (id, cust_id, prod_id, prod_name, price, date) VALUES '.implode(',', $sql1));
}
推荐答案
$sql1[] = '('null', '.$row['cust_id'].', '.$row['prod_id'].', '.$row['prod_name']', '.$row['price'].', '.$row['date'].')';
应该是
$sql1[] = "(null, '" . $row['cust_id'] . "', '" . etc....
您正在生成错误的PHP字符串,从而导致语法错误.并请注意,此代码容易受到SQL注入的攻击.即使这些数据最初看起来是从数据库中发出的,您仍然可以自行注入.
You're generating bad PHP strings, causing your syntax errors. And note that this code is vulnerable to SQL injections. Even though this data appears to be coming out of a DB initially, you can still inject yourself.
这篇关于将数组插入MySQL DB(意外的T_STRING)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
