PHP:如何获取数组复选框值,然后将每个单独的结果插入数据库查询?
I have a form that has a checkbox list generated dynamically: name="cursoID[]"
Each value correspond to cursoID ($curso['cursoID']), which is a value taken from a mySQL SELECT query that shows me a list of items IDs.
The user may select N number of items, and I need to take each one of those (ie. $cursoID = $_POST['cursoID'];) in order to save them into an INSERT query.
In the form, I generate each item with a while loop:
<?php
$conectar = mysqli_connect(HOST, USER, PASS, DATABASE);
$query = " SELECT cursoID, nombreCurso, cursoFechaInicio, modalidadCurso, estadoCurso
FROM cursos
WHERE estadoCurso='abierto'";
$buscarCurso = mysqli_query($conectar,$query);
echo '<div class="checkbox">';
while ($curso=mysqli_fetch_assoc($buscarCurso)) {
echo '<input type="checkbox" name="cursoID[]" value="'.$curso['cursoID'].'">'.$curso['nombreCurso'];
}
echo '</div>';
?>
My database consultation in order to insert that field is a simple select:
INSERT INTO cursosUsuarios
(userID, cursoID)
VALUES
('$userID', '$cursoID')
I have no issues with $userID, as is a single value.
How may I use $cursoID = $_POST['cursoID'] to add it to the database? I've been reading some other questions (like this one, or this other one), but couldn't manage to apply it to my case, as I don't know how would I insert it into the database.
我有一个动态生成复选框列表的表单: 用户可以选择N个项目,我需要选择其中的每个项目(即 在表单中,我使用while循环生成每个项目: p>
为了插入该字段,我的数据库咨询是一个简单的选择: p>
我没有遇到任何问题 $ userID,单个值。 p>
如何使用 name =“cursoID []” code>
每个值对应于cursoID( $ curso ['cursoID'] code>),这是一个取自mySQL SELECT code>查询的值,它显示了一个项目ID列表 。 p>
$ cursoID = $ _POST ['cursoID']; code>)以便将它们保存到 INSERT code>查询中。 strong> p>
&lt;?php
$ conectar = mysqli_connect(HOST,USER,PASS,DATABASE);
$ query =“SELECT cursoID,nombreCurso,cursoFechaInicio,modalidadCurso,estadoCurso
FROM cursos
WHERE estadoCurso ='abierto'“;
$ buscarCurso = mysqli_query($ conectar,$ query);
echo'&lt; div class =”checkbox“&gt;';
while($ curso = mysqli_fetch_assoc($ buscarCurso)){
echo'&lt; input type =“checkbox”name =“cursoID []”value =“'。$ cu rso ['cursoID']。'“&gt;'。$ curso ['nombreCurso'];
}
echo'&lt; / div&gt;';
?&gt;
code> pre>
INSERT INTO cursosUsuarios
(userID,cursoID)
VALUES
('$ userID','$ cursoID')
code> pre>
$ cursoID = $ _POST ['cursoID'] code>将其添加到数据库中? 我一直在阅读其他一些问题(例如这一个,或者 另一个),但无法管理 将它应用于我的案例,因为我不知道如何将其插入数据库。 p>
div>
There's two main ways you can insert a variable amount of data into your database:
- Build your query dynamically (if you have many columns, and you don't know how many you'll update)
Like so:
$fields = array();
$values = array();
$fields[] = 'field1';
$fields[] = 'field2';
...
$values[] = 1;
$values[] = 2;
...
$query = 'INSERT INTO table (' . implode(', ', $fields) . ') VALUES (' . implode(',', $values) . ')';
// Execute $query
or:
- Add the individual items in separate queries, that you repeat over and over (if you need to fill a variable amount of rows).
Like so (if your checkboxes are named "cursoID[]", the corresponding POST variable will be an array, and you can use anything that'll work with arrays):
$userID_int = (int)$userID;
foreach ($_POST['cursoID'] as $singleID) {
$singleID_int = (int)$singleID;
// Execute: INSERT INTO cursosUsuarios (userID, cursoID) VALUES ('$userID_int', '$singleID_int')
}
However, be very careful - at the moment, your code is vulnerable to SQL injections (for example, if $_POST['cursoID'] is set to something like
'; DROP DATABASE X
you might - depending on your configuration - allow someone to do a lot of nasty stuff, ranging from bypassing your logins to removing your database. As such, I would recommend taking a step back and looking into how you can parameterize your queries, so you don't have to worry about a hostile visitor injecting data in your SQL query. See, for example, this answer.
I dk how to use mysqli_* so i'll write in PDO. If i could understand correctly this's what u need.
ps: Security ignored.
$cursors = $_POST['cursorID'];
$user = $_POST['user'];
foreach ($cursors as $cursor) {
$query = $DB->prepare('INSERT INTO table (user, cursor) VALUES (:user, :cursor)');
$query->bindValue(':user', $user, PDO::PARAM_INT);
$query->bindValue(':cursor', $cursor, PDO::PARAM_INT);
$query->execute();
}