javascript - I am learning PHP and MySQL and am building a dynamic form with arrays; it throws an empty-query warning
Problem description
I wrote code that creates dynamic rows in a form. I can store the data in an array and display it with a foreach loop, but I cannot insert it into the database.
My UI design:
    <div class="form-group">
        <label for="eventname"> Income : </label>
        <INPUT type="button" value="Add Row" onclick="addRow('dataTable')" class="btn btn-info">
        <INPUT type="button" value="Delete Row" onclick="deleteRow('dataTable')" class="btn btn-info">
        <TABLE id="dataTable" width="350px" border="1">
            <TR>
                <TD><INPUT type="checkbox" name="incomechk[]" class="form-control"></TD>
                <TD>
                    <SELECT name="incometype[]" class="form-control">
                        <OPTION value="emergency">Emergency Fund</OPTION>
                        <OPTION value="investments">Investments</OPTION>
                        <OPTION value="retirements">Retirements</OPTION>
                        <OPTION value="salary">Salary</OPTION>
                        <OPTION value="other">Other</OPTION>
                    </SELECT>
                </TD>
                <TD><INPUT type="number" name="incomevalues[]" class="form-control"></TD>
            </TR>
        </TABLE>
    </div>
    <div class="form-group">
        <label for="Description">Expenses : </label>
        <INPUT type="button" value="Add Row" onclick="addRow('annualTable')" class="btn btn-info">
        <INPUT type="button" value="Delete Row" onclick="deleteRow('annualTable')" class="btn btn-info">
        <TABLE id="annualTable" width="350px" border="1">
            <TR>
                <TD><INPUT type="checkbox" name="expensechk[]" class="form-control"></TD>
                <TD>
                    <SELECT name="expensetype[]" class="form-control">
                        <OPTION value="food">Food</OPTION>
                        <OPTION value="clothing">Clothing and Accessories</OPTION>
                        <OPTION value="shelter">Shelter</OPTION>
                        <OPTION value="household">Household</OPTION>
                        <OPTION value="tranport">Transportation</OPTION>
                        <OPTION value="health">Health</OPTION>
                        <OPTION value="loans">Loans</OPTION>
                        <OPTION value="miscellaneous">Miscellaneous</OPTION>
                        <OPTION value="tuition">Tuition</OPTION>
                        <OPTION value="taxes">Taxes</OPTION>
                        <OPTION value="vacation">Vacation</OPTION>
                        <OPTION value="other">Other</OPTION>
                    </SELECT>
                </TD>
                <TD><INPUT type="number" name="expensevalues[]" class="form-control"></TD>
            </TR>
        </TABLE>
    </div>
    <button type="submit" class="btn btn-info" name="submit">SUBMIT</button>
    </form>
The server-side script (预算测试.php):
    if($bauth['USER'] === $curuser) {
        //Income Extraction
        $date = $_POST['date'];
        $in1 = $_POST['incometype'];
        $in2 = $_POST['incomevalues'];
        //echo "Incomes : <br/>";
        foreach($in1 as $v => $vv){
            echo "into the for loop<br/>";
            $sql1 = "INSERT INTO $curuser (USER,BDATE,BTYPE,BVALUE) VALUES ('$curuser','$date','$in1[$v]','$in2[$v]')";
            $sql2 = mysqli_query($conn,$sql1);
            if($conn->query($sql1)===TRUE) {
                echo "successfully added into $curuser<br/>";
            }
            else {
                echo "not added to database<br/>";
            }
            echo "$in1[$v] "."-"." $in2[$v]";
            echo "<br/>";
        }
        //Expense Extraction
        $exp1 = $_POST['expensetype'];
        $exp2 = $_POST['expensevalues'];
        //echo "Expenses : <br/>";
        foreach($exp1 as $e => $ee){
            $sql2 = "INSERT INTO $curuser (USER,BDATE,BTYPE,BVALUE) VALUES ('$curuser','$date','$exp1[$e]','$exp2[$e]')";
            if($conn->query($sql2) === TRUE) {
                echo "successfully added into $curuser<br/>";
            }
            else {
                echo "not added to database<br/>";
            }
            //echo "$exp1[$e] "."-"." $exp2[$e]";
            //echo "<br/>";
        }
    }
    } // closes an outer block that is not shown in the excerpt
Solution
You are executing the query TWICE, and you are using $sql2, which is not a query anyway.
    $sql1 = "INSERT INTO $curuser
             (USER,BDATE,BTYPE,BVALUE)
             VALUES ('$curuser','$date','$in1[$v]','$in2[$v]')";
    $sql2 = mysqli_query($conn,$sql1);
    if($conn->query($sql1)===TRUE) {
Instead, do
    $sql2 = mysqli_query($conn,$sql1);
    if($sql2 === TRUE) {
Note
Your script is vulnerable to SQL injection attacks. Even if you are escaping inputs, it is not safe! Use prepared, parameterized statements in either the MYSQLI_ or the PDO API.
Use prepared and parameterized queries:
    $sql1 = "INSERT INTO $curuser
             (USER,BDATE,BTYPE,BVALUE)
             VALUES (?,?,?,?)";
    $stmt = $conn->prepare($sql1);   // $conn is the mysqli connection from the question
    // I guessed all params were strings ??
    // mysqli binds parameters with bind_param(), one type character per placeholder
    $stmt->bind_param('ssss', $curuser, $date,
                      $in1[$v], $in2[$v]);
    $res = $stmt->execute();
    if ( !$res ) {
        // query failed: the statement object carries the error for a failed execute()
        error_log( $stmt->error );
    } else {
        // query success
    }
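Building on the answer, here is an added example (not the question's or the answer's own code) that prepares the statement once for all rows of one table, re-validates the submitted option values on the server, and wraps the inserts in a transaction. It assumes $conn is an open mysqli connection and the per-user table layout (USER, BDATE, BTYPE, BVALUE) from the question; note that a table name cannot be bound as a parameter, so it is checked by shape before being interpolated.

```php
<?php
// Added example, not the question's or answer's code. Assumes $conn is an open mysqli
// connection and the per-user table layout (USER, BDATE, BTYPE, BVALUE) from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // make mysqli throw on failure

function insertBudgetRows(mysqli $conn, string $curuser, string $date,
                          array $types, array $values, array $allowedTypes): int
{
    // A table name cannot be bound as a parameter, so it is validated by shape
    // before being interpolated; every column value is bound instead.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]{0,63}$/', $curuser)) {
        throw new InvalidArgumentException('invalid table name');
    }
    if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $date)) {
        throw new InvalidArgumentException('date must be YYYY-MM-DD');
    }
    $stmt = $conn->prepare("INSERT INTO `$curuser` (USER, BDATE, BTYPE, BVALUE) VALUES (?, ?, ?, ?)");
    // Bind by reference once; reassigning $type and $value before each execute() is enough.
    $type = ''; $value = 0.0;
    $stmt->bind_param('sssd', $curuser, $date, $type, $value);

    $conn->begin_transaction();
    try {
        $inserted = 0;
        foreach ($types as $i => $t) {
            // The <select> options are not trusted: re-check against the server-side list.
            if (!in_array($t, $allowedTypes, true)) {
                throw new InvalidArgumentException("unknown type: $t");
            }
            if (!isset($values[$i]) || !is_numeric($values[$i])) {
                throw new InvalidArgumentException("missing or non-numeric value for $t");
            }
            $type  = $t;
            $value = (float) $values[$i];
            $stmt->execute();
            $inserted++;
        }
        $conn->commit();
        return $inserted;
    } catch (Throwable $e) {
        $conn->rollback(); // no half-written budget on any failure
        throw $e;
    } finally {
        $stmt->close();
    }
}
```

For the income table in the question, call it as insertBudgetRows($conn, $curuser, $_POST['date'], $_POST['incometype'] ?? [], $_POST['incomevalues'] ?? [], ['emergency', 'investments', 'retirements', 'salary', 'other']), and likewise for the expense arrays with the expense option values.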