这是我出错的代码:
function sanitizeString($var)
{
$var = trim($var);
$var = stripslashes($var);
$var = strip_tags($var);
$var = htmlentities($var);
return $var;
}
$errors = array();
$query = "";
if (isset($_POST["tests_list"])) {
$test_id = mysqli_real_escape_string($con, sanitizeString($_POST["tests_list"]));
$can_ids = $_POST["checkCandidate"];
$status = "active";
foreach ($can_ids as $can_value) {
$sel = mysqli_query($con, 'select * from assign_table where candidate_id="' .$can_value.'" and test_id="$test_id"');
if(mysqli_num_rows($sel)>0){
$errors[] = $can_value . " already assigned<br>";
}else{
$query .= "insert into assign_table(test_id, candidate_id, status) values('$test_id', '" . $can_value . "', '$status');";
}
}
if(count($errors)===0){
if (mysqli_multi_query($con, $query)) {
echo "success";
} else {
echo "error";
}
}else{
foreach ($errors as $error) {
echo $error;
}
}
} else {
echo "Direct Access Not Allowed";
}
我想检查是否已分配选定的候选人。如果已经分配了一个候选人来测试,它应该显示已经分配的消息,否则将候选人插入assign_table中,但不能验证选择查询。
有人可以帮忙吗?