我有这个代码(这是工作并将这些变量传递给另一个文件)
var month = "<?php echo openedMonthbid();?>";
var user = "<?php echo $_SESSION['member_id'];?>";
var day = new Array();
$(':checkbox:checked').each(function(i){
day.push('`' + $(this).val() + '`'); });
var count = day.length;
$.ajax({
type: "POST",
url: "sendBidding.php",
data : "user="+user+"&days="+day+"&month="+month+"&number=",
dataType: "json",
sendBidding.php
$month = $_POST['month'];
$user = $_POST['user'];
$days = $_POST['days'];
$count = $_POST['count'];//if a check 3 values I get '3'
mysql_query("INSERT INTO $month ($days) VALUES ('1','1','1')");
$result = true;
echo json_encode(array("success"=>$result,
"datas" => $data,
"mon"=>$month));
我想添加与所选天数一样多的值('1')。如何更改VALUES('1','1','1')?
答案 0 :(得分:2)
这是一个生成一系列相同字符串的解决方案。使用array_fill()。
$month = $_POST['month'];
$days = $_POST['days'];
// Be sure to whitelist $month and $days before using them in an SQL query!
// For example, you could store an associative array keyed by month,
// containing lists of the day column names.
$month_table_whitelist = array(
"month_jan" => array("day1", "day2", "day3", /* etc */),
"month_feb" => array("day1", "day2", "day3", /* etc */),
/* etc */
);
if (!array_key_exists($month, $month_table_whitelist)) {
die("Please specify a valid month.");
}
if (!array_search($days, $month_table_whitelist[$month])) {
die("Please specify a valid day of month.");
}
$count = $_POST['count'];//if a check 3 values I get '3'
$tuples = array_fill(1, $count, "('1')");
$status = mysql_query("INSERT INTO $month ($days) VALUES ".implode(",", $tuples));
if ($status === false) {
die(mysql_error());
}
PS:通过将不安全的值$ month和$ days直接插入到查询中,您的查询很容易受到SQL注入攻击。您应该使用白名单方法来确保这些输入与数据库中的实际表名和列名匹配,不要只信任用户输入。
PPS:您应该知道您正在使用ext / mysql函数,但这些函数已被弃用。如果这是一个新的应用程序,您应该开始使用mysqli或PDO,然后再投入更多时间使用已弃用的API。
答案 1 :(得分:-1)
$count = $_POST['count'];//if a check 3 values I get '3'
$daystatic="('1')";
mysql_query("INSERT INTO $month ($days) VALUES ". $daystatic . str_repeat ( ",$daystatic" , $count-1));