PHP / MySQL问题插入数组
I am trying to insert data into a MySQL table and one of the columns is inserting 'Array' instead of the array values. What am I missing, please? Thanks.
id studentname title academicdiscipline priority
012345678 TEST, NAME Array Civil 3
012345678 TEST, NAME Array Civil 1
012345678 TEST, NAME Array Civil 4
012345678 TEST, NAME Array Civil 5
012345678 TEST, NAME Array Civil 2
Here is how I insert the data into the database - which works just fine apart from the 'title' column:
if(isset($_POST['submit'])) {
$id = $_POST["id"];
$studentname = $_POST["studentname"];
$title = $_POST["title"];
$academicdiscipline = $_POST["academicdiscipline"];
$priority = $_POST["priority"];
$array = array();
foreach ($priority as $priority) {
if ($priority >=1) {
$array[] = "('$id', '$studentname', '$title', '$academicdiscipline', '$priority')"; }
$query = "INSERT INTO flux_project_selection (id, studentname, title, academicdiscipline, priority) VALUES" .implode(',', $array); }
$retval = mysql_query($query) or die(mysql_error()); }
EDIT: Here is the HTML for the form:
<table width="890" cellspacing="0">
<thead><tr>
<th></th>
<th width="250"> Title </th>
<th width="550"> Description </th>
<th width"90"> Field </th>
<th width="50"> Select </th>
</tr></thead>
<?php
$color1 = "#E9E9E9";
$color2 = "#FFFFFF";
$row_count = 0;
echo "<tr>
<td valign = \"top\" bgcolor=\"$row_color\">
<input type=\"hidden\" name=\"id[]\" value=\"$id\">
<input type=\"hidden\" name=\"studentname[]\" value=\"$studentname\"></td>
<td valign = \"top\" bgcolor=\"$row_color\">
<input type=\"hidden\" name=\"title[]\" value=\"$title\"> $title </td>
<td valign = \"top\" bgcolor=\"$row_color\">
<input type=\"hidden\" name=\"description[]\" value=\"$description\"> $description </td>
<td valign = \"top\" bgcolor=\"$row_color\">
<input type=\"hidden\" name=\"academicdiscipline[]\" value=\"$academicdiscipline\"> $academicdiscipline </td>
<td valign = \"top\" bgcolor=\"$row_color\">
<select name=\"priority[]\" class=\"priority\">
<option> </option>
<option value=\"1\"> 1 </option>
<option value=\"2\"> 2 </option>
<option value=\"3\"> 3 </option>
<option value=\"4\"> 4 </option>
<option value=\"5\"> 5 </option>
<option value=\"6\"> 6 </option>
<option value=\"7\"> 7 </option>
<option value=\"8\"> 8 </option>
<option value=\"9\"> 9 </option>
<option value=\"10\"> 10 </option>
</select>
</td></tr>
<tr bgcolor=\"#ffffff\"> </tr>
<tr bgcolor=\"#902C2E\"> </tr>";
$row_count++;
echo"<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td ><input name=\"reset\" type=\"reset\" value=\"Clear selection\"/>
<input name=\"submit\" type=\"submit\" value=\"Submit selection\"/>
</tr></table>";
?>
Finally got this:
if(isset($_POST['submit']) && !empty($_POST['submit'])) {
$ids = $_POST['id'];
$names = $_POST['studentname'];
$titles = $_POST['title'];
$disciplines = $_POST['academicdiscipline'];
$priorities = $_POST['priority'];
foreach($priorities as $key => $priority) {
if ($priority > 0) {
$query = "INSERT INTO flux_project_selection (id, studentname, title, academicdiscipline, priority)
VALUES ( " . mysql_real_escape_string($ids[$key]) . ",
'" . mysql_real_escape_string($names[$key]) . "',
'" . mysql_real_escape_string($titles[$key]) . "',
'" . mysql_real_escape_string($disciplines[$key]) . "',
" . mysql_real_escape_string($priority) . " )";
$retval = mysql_query($query) or die(mysql_error());
}
}
echo "Worked. <br />";
}
Thanks everyone.
EDIT: Try this first.
I'm not sure why most of your values are working but I'd remove the [] from all of the input names except priority.
These are some helpful ideas too
It seems like your if ($priority >=1) { should wrap the query too or else this could generate an error if the first empty option is selected since $array won't have anything in it.
I'm not really sure of the purpose of $array[] is and if you tried to wrap "('$id', '$studentname', '$title', '$academicdiscipline', '$priority')" in mysql_real_escape_string this would definitely not give you the result you wanted.
First, I wasn't even sure foreach ($priority as $priority) worked. I ran a test and it does, but this will be confusing for you or anyone else looking at the code in the future. I encourage you to name your variables differently like foreach ($priorities as $priority)
Normally I'd try to answer your question but I feel like you should take a look at this method instead.
EDIT: Use this if priority is the only input with multiple values
priorities = $_POST['priority'];
foreach($priorities as $priority){
if($priority > 0)
{
$query = "
INSERT INTO flux_project_selection
(
id, studentname, title, academicdiscipline, priority
)
VALUES
(
" . mysql_real_escape_string($id) . ",
'" . mysql_real_escape_string($studentname) . "',
'" . mysql_real_escape_string($title) . "',
'" . mysql_real_escape_string($academicdiscipline) . "',
" . mysql_real_escape_string($priority) . "
)";
$retval = mysql_query($query) or die(mysql_error());
}
}
EDIT: Edited The following is an example of how you'd loop through the inputs if there were multiple of every input as indicated by the [] included after the input name. <input type=\"hidden\" name=\"id[]\" value=\"$id\">
for($i = 0; $i < count($_POST['id']); $i++) {
if($priority > 0)
{
$query = "
INSERT INTO flux_project_selection
(
id, studentname, title, academicdiscipline, priority
)
VALUES
(
" . mysql_real_escape_string($_POST['id'][i]) . ",
'" . mysql_real_escape_string($_POST['studentname'][i]) . "',
'" . mysql_real_escape_string($_POST['title'][i]) . "',
'" . mysql_real_escape_string($_POST['academicdiscipline'][i]) . "',
" . mysql_real_escape_string($_POST['priority'][i]) . "
)";
$retval = mysql_query($query) or die(mysql_error());
}
}
Also you should look into using mysqli instead of mysql. It's more secure.
MySQL vs MySQLi when using PHP
This method will minimize the changes to your code. A better technique is to use prepared statements to prevent injections but this requires mysqli or PDO
A ton of this simply makes no sense. Please format your code properly, this will help with debuging. In addition, please use a library like PDO. It will make programing these tpyes of things easier, faster, and safer.
I am going to try my best to salvage some of this code. NOTE THE CODE IS NOT SAFE AND DOES NOT PROTECT AGAINST MYSQL INJECTION.
Here is the implementation, and then later I will explain my reasoning...
if (isset($_POST['submit'])) {
$id = $_POST["id"];
$studentname = $_POST["studentname"];
$title = $_POST["title"];
$academicdiscipline = $_POST["academicdiscipline"];
$priority = $_POST["priority"];
foreach ($priority as $single) {
if ($single >=1) {
$values = "('$id', '$studentname', '$title', '$academicdiscipline', '$single')";
$query = "INSERT INTO flux_project_selection (id, studentname, title, academicdiscipline, priority) VALUES " . $values;
$retval = mysql_query($query) or die(mysql_error());
}
}
}
Corrections...
- Fixed foreach loop variable names, don't have your values and array name be the same.
- Got rid of the array variable, it was not doing anything
- Nested everything inside the if, so now foreach selected priority, the script will insert a row into the DB with that priority.
I am not sure if this is what you want the program to do, please let me know.