我希望将一个选项插入到多个用户的字段中。选择完成并输入提交后,我有以下代码。我没有得到错误,我得到了下一页的消息发布了5次,这是多少用户不是它的周点表。但没有任何内容插入数据库。
<?
// This code is to use to place info into the MySQL
$sTeam1 = $_POST['sTeam1'];
// (WHERE username FROM authorize WHERE username not in ( SELECT username FROM weekpicks WHERE whatweek='$totalnoOfWeek' )" .
//$nMemberID = (integer) Query
$sql_events = mysql_query("SELECT username FROM authorize WHERE username not in ( SELECT username FROM weekpicks WHERE whatweek='$totalnoOfWeek' )") or die(mysql_error());
while ($row = mysql_fetch_array($sql_events)) {
$username = $row["username"];
("INSERT INTO weekpicks SET " . "username = '" . ($username) . "'," . "date_create = NOW(), " . "whatweek = '" . ($totalnoOfWeek) . "'," . "team = '" . addslashes($sTeam1) . "'" . 'INSERT');
echo "<HTML>
<BODY>
<h2>Your pick of " . ($sTeam1) . ", for week " . ($totalnoOfWeek) . ", has been added.</h2>
<P align=left><a href=\"nopickpolicy.php\">Return to main page</a></p>
</BODY>
</HTML>";
}
?>
答案 0 :(得分:1)
您正在为插入创建字符串,但您没有运行它。
修复你的代码:
while ($row = mysql_fetch_array($sql_events)) {
$username = $row["username"];
mysql_query("INSERT INTO weekpicks SET " . "username = '" . ($username) . "'," . "date_create = NOW(), " . "whatweek = '" . ($totalnoOfWeek) . "'," . "team = '" . addslashes($sTeam1) . "'");
//echo ...
}
修复字符串语法,你可以做到这一点,看起来更好。同样使用mysql_real_escape_string()而不是addslashes(),因为addslashes不像mysql的php本机函数那样安全。
$sTeam1 = mysql_real_escape_string($sTeam1);
mysql_query("INSERT INTO weekpicks SET username = '$username', date_create = NOW(), whatweek = '$totalnoOfWeek', team = '$sTeam1');
我必须告诉你的另一件事:
停止使用mysql_*,改为使用mysqli_*。
mysql_已从PHP7中删除,并在PHP 5.5之后弃用
它不如mysqli_安全,所以请考虑改进新模型的代码。