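Dynamic form and database

Time: 2018-07-20 09:52:55

Tags: php database postgresql

Good morning, I'm having a problem inserting files into the database. I'm using PostgreSQL. This is the structure of my database: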

  

prenotazione(id,nome_rich,cogn_rich,email_rich,oggetto_rich)

interni(id,nome_int,cogn_int,email_int)

esterni(id,nome_est,cogn_est,email_est)

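Basically, I have to allow inserting as many participants as desired (each with first name, last name and email). When I try to insert them into the database, I get an error:

35) $result = pg_query($conn, $query2); //if you are using pg_query and $conn is the connection resource

50) $result = pg_query($conn, $query3); //if you are using pg_query and $conn is the connection resource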

This is my code:

index.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 
Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
<title>Prenotazione Videoconferenza</title>
<!-- START OF DYNAMIC ADD SCRIPT -->
<script> 
$(document).ready(function() {
    $("#add1").click(function(e){

      var val1 =$("#n1").val();
      for(var i=0;i<val1;i++){
      $("#start").append($("#first").clone());
      }
    });
});

$(document).ready(function() {
    $("#add2").click(function(){

      var val2 =$("#n2").val();
      for(var i=0;i<val2;i++){
      $("#start2").append($("#first2").clone());
      }
    });
});
</script>
<!-- END OF DYNAMIC ADD SCRIPT -->
<link rel="stylesheet" type="text/css" href="style.css">
</head>

<body>

Inserire i dati richiesti:<br><br>
<div class="form">
<form method="post" action="input.php">
<b> Richiedente Conferenza:</b><br><br>
Nome:<input type="text" name="name" size="20"><br>
Cognome:<input type="text" name="surname" size="20"><br>
Email: <input type="email" name="email" size="20"><br>
Oggetto Conferenza:<br><textarea name="testo" rows="5" cols="40" placeholder="Specificare oggetto Videoconferenza"></textarea><br>

<br>
<b>Partecipanti Interni</b>
<br>
<br>
<div id="start">
    <div id="first">
      Nome:<input type="text" name="iname[]" size="20"><br> 
      Cognome: <input type="text" name="isurname[]" size="20"><br> 
      Email: <input type="email" name="iemail[]" size="20"><br>
      <br>
    </div>
  </div>
  <br>
 Numero partecipanti interni:
 <input type="text" id="n1" value="1"><br>

 <button><a href="#" id="add1">Aggiungi partecipante</a></button>



<br>
<b>Partecipanti Esterni</b>
<br>
<br>
Numero partecipanti Esterni:
 <input type="text" id="n2" value="1"><br>

 <button><a href="#" id="add2">Aggiungi partecipante</a></button>

  <div id="start2">
    <div id="first2">
      Nome:<input type="text" name="ename[]" size="20"><br> 
      Cognome: <input type="text" name="esurname[]" size="20"><br> 
      Email: <input type="email" name="eemail[]" size="20"><br>
      <br>
    </div>
  </div>
<input type="submit" value="Invia" > 
</form>
</div>
</body>
</html>

input.php

<?php

$conn = @pg_connect("dbname=postgres user=postgres password=123456789");

if(!$conn) {
    die('Connessione fallita !<br />');
} else {
    echo 'Connessione riuscita !<br />';
}

// Requester (richiedente)
$name = $_POST['name'];
$surname = $_POST['surname'];
$email = $_POST['email'];
$testo = $_POST['testo'];

//inserting data order
$query1 = "INSERT INTO prenotazione (id,nome_rich, cogn_rich, email_rich,oggetto_rich) VALUES (1,'$name','$surname', '$email','$testo')";
//execute the query here
$result = pg_query($conn, $query1 ); //if you are using pg_query and $conn is the connection resource
// Internal participants (interni)
$query = "";
if( !empty( $_POST['iname'] ) ) {

    foreach( $_POST['iname'] as $key => $iname ) {

        $isurname = empty( $_POST['isurname'][$key] ) ? NULL : $_POST['isurname'][$key];
        $iemail = empty( $_POST['iemail'][$key] ) ? NULL : $_POST['iemail'][$key];
        $query .= " ( '$iname', '$isurname', '$iemail' ) ";
    }
}
if( !empty( $query ) ) {

    $query2 = "INSERT INTO interni (nome_int, cogn_int, email_int) VALUES ".$query;
    $result = pg_query($conn, $query2 ); //if you are using pg_query and $conn is the connection resource
}
// External participants (esterni)
$query = "";
if( !empty( $_POST['ename'] ) ) {
    foreach( $_POST['ename'] as $key => $ename ) {
        $esurname = empty( $_POST['esurname'][$key] ) ? NULL : $_POST['esurname'][$key];
        $eemail = empty( $_POST['eemail'][$key] ) ? NULL : $_POST['eemail'][$key];
        $query .= " ( '$ename', '$esurname', '$eemail' ) ";
    }
}

if( !empty( $query ) ) {

    $query3 =  "INSERT INTO esterni  (nome_est, cogn_est, email_est) VALUES  " . $query;
    $result = pg_query($conn, $query3 ); //if you are using pg_query and $conn is the connection resource
}
?>

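Thank you all.

1 answer:

Answer 0: (score: 0)

The problem is in the syntax of your resulting insert statement. A multi-row insert should look like this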

INSERT INTO interni (nome_int, cogn_int, email_int) VALUES 
('Nome1', 'Cognome1', 'email1')
, ('Nome2', 'Cognome2', 'email2')
, ...
, ('NomeN', 'CognomeN', 'emailN')

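Mind the commas between the tuples: in your code, you are concatenating the rows without separating them with commas. Also, as mentioned in the comments, you may be vulnerable to SQL injection attacks, so you should sanitize the input before storing it in the database.

edit: What I mean is that if you want to insert multiple rows, you have to join the tuples with commas. In your code, replace all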

$query .= " ( '$iname', '$isurname', '$iemail' ) ";

with

$query .= ", ( '$iname', '$isurname', '$iemail' ) ";

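Of course, the first row to insert should not start with a comma, which means you have to modify the code to check whether the user added one row or several.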
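
The two points raised in the answer (comma-separated tuples and SQL injection) can be handled together by building the multi-row INSERT with numbered placeholders and passing the values through `pg_query_params`. This is an added example, not code from the question or the answer; `build_multi_insert()` is a hypothetical helper, the `$post` array is constructed sample input, and it assumes the `name="...[]"` fields arrive as parallel arrays.

```php
<?php
// Added example (not from the original post). build_multi_insert() is a
// hypothetical helper; table and column names come from the question.

/**
 * Build one multi-row INSERT with numbered placeholders ($1, $2, ...).
 * $table and $columns must be hard-coded by the caller, never user input.
 * Returns [sql, params], or null when there are no rows to insert.
 */
function build_multi_insert(string $table, array $columns, array $rows): ?array
{
    if (count($rows) === 0) {
        return null;
    }
    $tuples = [];
    $params = [];
    $n = 1;
    foreach ($rows as $row) {
        $marks = [];
        foreach ($columns as $i => $_) {
            $marks[]  = '$' . $n++;
            $params[] = $row[$i] ?? null;   // PHP null is sent as SQL NULL
        }
        $tuples[] = '(' . implode(', ', $marks) . ')';
    }
    // implode() places the comma between tuples, so the first row needs no special case.
    $sql = "INSERT INTO $table (" . implode(', ', $columns) . ') VALUES '
         . implode(', ', $tuples);
    return [$sql, $params];
}

// Constructed sample standing in for $_POST from the question's form.
// The apostrophe in O'Brien would break a query built by string concatenation.
$post = [
    'iname'    => ['Anna', 'Luca'],
    'isurname' => ['Rossi', "O'Brien"],
    'iemail'   => ['anna@example.com', ''],
];

$rows = [];
foreach ($post['iname'] as $i => $name) {
    $email  = $post['iemail'][$i] ?? '';
    $rows[] = [$name, $post['isurname'][$i] ?? null, $email === '' ? null : $email];
}

[$sql, $params] = build_multi_insert('interni', ['nome_int', 'cogn_int', 'email_int'], $rows);
echo $sql, PHP_EOL;
// With a live connection ($conn from pg_connect), the values travel separately from the SQL text:
// $result = pg_query_params($conn, $sql, $params);
```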