由于某些原因,我的数据库中的数组值被切断了。这是我的php
<?php
$con = mysql_connect("localhost","Andrew","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("mydb", $con);
$sql="INSERT INTO persons (firstname, lastname, modelid, system, department, comm, other, shift, comments)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[modelid]','". implode(",", $_POST['system']) ."','$_POST[department]','". implode(",", $_POST['comm']) ."','". implode(",", $_POST['other']) ."','$_POST[shift]','$_POST[comments]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
?>
我的意思是截止是我的复选框条目正确输入,用逗号分隔所有,但它几乎就像我可以输入单个字段的某种字符限制一样。只是搞乱我已经添加了mysql_real_escape_string,没有错误认为这是问题,但我仍然有同样的问题。有没有人见过这个或知道任何可能的修复?
答案 0 :(得分:0)
就像我在评论中所说的那样,最好不要使用用户mysql_* - 更好地使用PDO或MySQLi。
您的代码中存在问题:
$sql="INSERT INTO persons (firstname, lastname, modelid, system, department, comm, other, shift, comments)
VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[modelid]','". implode(",", $_POST['system']) ."','$_POST[department]','". implode(",", $_POST['comm']) ."','". implode(",", $_POST['other']) ."','$_POST[shift]','$_POST[comments]')";
$firstname这样的参数而没有字符串连接(在前3个POST参数之前和之后缺少"。我实现这一点的方式如下:
/*** first sanitize your POST params ***/
$firstname = mysql_real_escape_string($_POST['firstname']));
$lastname= mysql_real_escape_string($_POST['lastname']));
//etc ...
/**the query ***/
$stmt = $dbh->prepare("INSERT INTO persons (firstname, lastname, modelid, system, department, comm, other, shift, comments)
VALUES(:firstname, :lastname, :modelid, :system, :department, :comm, :other, :shift, :comments)");
/*** bind the paramaters ***/
$stmt->bindParam(':firstname', $firstname, PDO::PARAM_STR);
$stmt->bindParam(':lastname', $lastname, PDO::PARAM_STR);
// etc...
/*** execute the prepared statement ***/
$stmt->execute();
答案 1 :(得分:0)