php - Multiple checkbox values into the same SQL column?
Problem description
I am looking for a simple solution for inserting multiple checkbox selections into a single database column. If the user selects 3 x l_comp checkboxes, the database should reflect "result, result, result" .. commas are fine but not required. Actually, if one checkbox is checked, the information is inserted as it should be. If more than one is selected, only the last one is inserted into the database. Everything else works fine, but these damn checkboxes!
I know I am vulnerable to sql-injection
My code:
<?php
// Initialize the session
session_start();
// Include config file
require_once "assets/scripts/config.php";
$param_uniqid = $_SESSION['uniqid'];
$param_company = $_SESSION['company'];
$param_vat = $_SESSION['vat'];
$param_username = $_SESSION['username'];
// Check if the user is logged in, if not then redirect him to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
header("location: login.php");
exit;
}
// Define variables and initialize with empty values
$l_comp = $user = $car = $uniqid = $company = $vat = $username = "";
$l_comp_err = $user_err = $car_err = $uniqid_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Validate l_comp
$input_l_comp = trim($_POST["l_comp"]);
if(empty($input_l_comp)){
$l_comp_err = "Venligst indtast leasingselskab.";
} elseif(!filter_var($input_l_comp, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[0-9a-åA-Å+&@#\/%-?=~_|!:,.;\s]+$/")))){
$l_comp_err = "Leasingselskab er ikke korrekt.";
} else{
$l_comp = $input_l_comp;
}
// Validate user
$input_user = trim($_POST["user"]);
if(empty($input_user)){
$user_err = "Venligst indtast en bruger.";
} elseif(!filter_var($input_user, FILTER_VALIDATE_REGEXP,
array("options"=>array("regexp"=>"/^[0-9a-åA-Å\s]+$/")))){
$user_err = "Bruger er ikke korrekt.";
} else{
$user = $input_user;
}
// Validate car
$input_car = trim($_POST["car"]);
if(empty($input_car)){
$car_err = "Venligst indtast bilinformationer.";
} elseif(!filter_var($input_car, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[0-9a-åA-Å+&@#\/%-?=~_|!:,.;\s]+$/")))){
$car_err = "Bil er ikke korrekt.";
} else{
$car = $input_car;
}
// Validate uniqid
$input_uniqid = trim($_POST["uniqid"]);
if(empty($input_uniqid)){
$uniqid_err = "Venligst indtast uniqid.";
} elseif(!filter_var($input_uniqid, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[0-9a-åA-Å+&@#\/%-?=~_|!:,.;\s]+$/")))){
$uniqid_err = "Uniqid er ikke korrekt.";
} else{
$uniqid = $input_uniqid;
}
// Check input errors before inserting in database
if(empty($l_comp_err) && empty($user_err) && empty($car_err) && empty($uniqid_err)){
// Prepare an insert statement
$sql = "INSERT INTO offer_requests_test (l_comp, user, car, uniqid, company, vat, username) VALUES (?, ?, ?, ?, ?, ?, ?)";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "sssssss", $param_l_comp, $param_user, $param_car, $param_uniqid, $param_company, $param_vat, $param_username);
// Set parameters
$param_l_comp = $l_comp;
$param_user = $user;
$param_car = $car;
$param_uniqid = $uniqid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Records created successfully. Redirect to landing page
header("location: /offer_requests_test");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
}
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Fleets - få op til 3 tilbud på jeres næste leasingbil</title>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="assets/css/main.css" />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
</head>
<body class="subpage">
<!-- Header -->
<header id="header">
<div class="logo"><a href="index.html">Fleets.dk <span>3 tilbud på leasingbil</span></a></div>
<a href="assets/scripts/logout.php" class="code">LOG UD</a>
</header>
<!-- content -->
<div class="box">
<div class="inner">
<div class="content">
<h4>Hej, <b><?php echo htmlspecialchars($_SESSION["name"]); ?></b>.</h4>
<hr />
<ul class="nav nav-tabs">
<li role="presentation"><a href="/welcome">Profil</a></li>
<li role="presentation"><a href="/cars_employees">Biler</a></li>
<li role="presentation" class="active"><a href="offer_requests">Tilbud</a></li>
<li role="presentation"><a href="/l_contacts">Kontakter</a></li>
</ul>
<div class="table-wrapper">
<h4 class="pull-left">Oprettede tilbud</h4>
<table>
<tbody>
<tr>
<th class="hidden"><b>#</b></th>
<th><b>Bil</b></th>
<th><b>Bruger</b></th>
<?php
// Include config file
require_once "assets/scripts/config.php";
// Attempt select query execution
$sql = "SELECT * FROM offer_requests_test WHERE username = '" . ($_SESSION["username"]) . "'";
if($result = mysqli_query($link, $sql)){
if(mysqli_num_rows($result) > 0){
echo "<th></th>";
echo "<th></th>";
echo "<th></th>";
echo "</tr>";
while($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<th class='hidden'>" . $row['uniqid'] . "</th>";
echo "<th>" . $row['car'] . "</th>";
echo "<th>" . $row['user'] . "</th>";
echo "<th>";
echo "<a href='read_request.php?uniqid=". $row['uniqid'] ."' title='View Record' data-toggle='tooltip'><span class='glyphicon glyphicon-eye-open'></span></a>";
echo "</th>";
echo "<th>";
echo "<a href='update_request.php?uniqid=". $row['uniqid'] ."' title='Update Record' data-toggle='tooltip'><span class='glyphicon glyphicon-pencil'></span></a>";
echo "</th>";
echo "<th>";
echo "<a href='delete_request.php?uniqid=". $row['uniqid'] ."' title='Delete Record' data-toggle='tooltip'><span class='glyphicon glyphicon-trash'></span></a>";
echo "</th>";
echo "</tr>";
}
// Free result set
mysqli_free_result($result);
} else{
echo "</br></br><p><b><i>Ingen informationer fundet.</i></b></p>";
}
} else{
echo "ERROR: Was not able to execute $sql. " . mysqli_error($link);
}
echo "</tbody>";
echo "</table>";
?>
<p>
<div href="" class="button alt small" onclick="hideCreate()">OPRET NYT TILBUD</div>
</p>
</div>
</div>
</div>
</div>
<!-- create -->
<div class="box">
<div class="inner">
<div class="content">
<div id="create">
<h4>1 - udfyld formularen</h4>
<form action="" method="post">
<div class="6u 12u$(xsmall) <?php echo (!empty($car_err)) ? 'has-error' : ''; ?>">
<label>Bil</label>
<input type="text" name="car" class="6u 12u$(xsmall)" value="<?php echo $car; ?>">
<span class="help-block"><?php echo $car_err;?></span>
</div>
<div class="6u 12u$(xsmall) <?php echo (!empty($user_err)) ? 'has-error' : ''; ?>">
<label>Bruger</label>
<input type="text" name="user" class="6u 12u$(xsmall)" value="<?php echo $user; ?>">
<span class="help-block"><?php echo $user_err;?></span>
</div>
<input type="hidden" name="company" value="<?php echo $company; ?>">
<input type="hidden" name="vat" value="<?php echo $vat; ?>">
<input type="hidden" name="username" value="<?php echo $username; ?>">
<input type="hidden" name="uniqid" value="<?php echo uniqid(); ?>" /></input>
</br></br>
</br></br><div class="table-wrapper">
<h4 class="pull-left">2 - vælg op til tre leasingselskaber</h4></br></br>
<table>
<tbody>
<tr>
<th class="hidden"><b>#</b></th>
<th><b>Vælg</b></th>
<?php
// Include config file
require_once "assets/scripts/config.php";
// Attempt select query execution
$sql = "SELECT l_comp FROM l_comp";
if($result = mysqli_query($link, $sql)){
if(mysqli_num_rows($result) > 0){
echo "<th><b>Leasingselskab</b></th>";
echo "<th></th>";
echo "</tr>";
while($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<th>";
// Note: PHP open tags inside an echo string are output literally, so the error class
// and message are concatenated here instead. name='l_comp' without [] is why only
// the last checked box reaches $_POST['l_comp'].
echo "<div class='6u 12u$(xsmall) " . (!empty($l_comp_err) ? 'has-error' : '') . "'>";
echo "<input type='checkbox' id='" . $row['l_comp'] . "' name='l_comp' value='" . $row['l_comp'] . "'>";
echo "<label for='" . $row['l_comp'] . "'></label>";
echo "<span class='help-block'>" . $l_comp_err . "</span>";
echo "</div>";
echo "</th>";
echo "<th>" . $row['l_comp'] . "</th>";
echo "</tr>";
}
// Free result set
mysqli_free_result($result);
} else{
echo "</br></br><p><b><i>Ingen informationer fundet.</i></b></p>";
}
} else{
echo "ERROR: Was not able to execute $sql. " . mysqli_error($link);
}
echo "</tbody>";
echo "</table>";
?>
</br></br>
<input type="submit" class="button alt small" value="OPRET TILBUDSKLADE">
<a href="/offer_requests_test" class="button alt small">FORTRYD</a>
</form>
</div>
</div>
</div>
</div>
<!-- Footer -->
<footer id="footer" class="wrapper">
<div class="inner">
<div class="copyright">
© Fleets.dk - for virksomheder </br>
<a href="mailto: kontakt@fleets.dk">KONTAKT OS</a>
</div>
</div>
</footer>
<!-- Scripts -->
<script src="assets/js/jquery.min.js"></script>
<script src="assets/js/jquery.scrolly.min.js"></script>
<script src="assets/js/jquery.scrollex.min.js"></script>
<script src="assets/js/skel.min.js"></script>
<script src="assets/js/util.js"></script>
<script src="assets/js/main.js"></script>
<script src="assets/js/overlay_create.js"></script>
<script src="assets/js/overlay_login.js"></script>
</body>
</html>
Solution
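The following is an added example written by the editor, not code from the original poster or from an answer on the page. It shows the usual fix for the behaviour described in the question: give the checkbox group the name `l_comp[]` so that PHP delivers `$_POST['l_comp']` as an array, validate each element, whitelist the values against the existing `l_comp` lookup table with a prepared statement, and only then join them into the single column. It assumes PHP 7.4 or later with mysqlnd (for `get_result()`), the page's own `$link` mysqli connection and `l_comp` table, and that the form is changed to `<input type='checkbox' name='l_comp[]' ...>`; the function names, the three-company limit and the Danish characters in the regexp are the editor's choices.

```php
<?php
// Added example (editor's code, not the original poster's).
// Assumes: PHP >= 7.4 with mysqlnd, the page's $link mysqli connection and
// l_comp lookup table, and a form changed to name='l_comp[]'.
// The trailing [] makes $_POST['l_comp'] an array; without it PHP keeps only
// the last checked box, which is exactly the symptom in the question.

declare(strict_types=1);

/** Turn the raw checkbox POST value into a deduplicated list of at most $max strings. */
function collectChecked($raw, int $max = 3): array
{
    if ($raw === null) {
        return [];
    }
    $values = is_array($raw) ? $raw : [$raw];   // a lone box without [] still arrives as a string
    $seen = [];
    foreach ($values as $v) {
        if (!is_string($v)) {
            continue;                           // nested arrays (l_comp[][]=...) are not valid input
        }
        $v = trim($v);
        // Same spirit as the page's character policy, but without the comma,
        // because the comma becomes the separator inside the stored column.
        if ($v === '' || strlen($v) > 100
            || !preg_match('/^[0-9A-Za-zæøåÆØÅ+&@#\/%?=~_|!:.;\s-]+$/u', $v)) {
            continue;
        }
        $seen[$v] = true;                       // array keys give deduplication for free
    }
    return array_slice(array_keys($seen), 0, $max);
}

/**
 * Keep only names that exist in the l_comp table, so a tampered form cannot
 * store arbitrary strings. One bound placeholder per value, never string concat.
 */
function whitelistCompanies(mysqli $link, array $wanted): array
{
    if ($wanted === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($wanted), '?'));
    $stmt = $link->prepare("SELECT l_comp FROM l_comp WHERE l_comp IN ($placeholders)");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $link->error);
    }
    $stmt->bind_param(str_repeat('s', count($wanted)), ...$wanted);
    $stmt->execute();
    $known = array_column($stmt->get_result()->fetch_all(MYSQLI_ASSOC), 'l_comp');
    $stmt->close();
    return array_values(array_intersect($wanted, $known));   // keeps the user's order
}

/** Serialise for the single column and parse it back; both sides agree on the separator. */
function joinForColumn(array $companies): string
{
    return implode(',', $companies);
}

function splitFromColumn(string $stored): array
{
    return $stored === '' ? [] : explode(',', $stored);
}

/**
 * Drop-in replacement for the "Validate l_comp" block of the POST handler.
 * Returns [$l_comp, $l_comp_err] in the same shape as the page's other validators.
 */
function validateLeasingCompanies(mysqli $link, array $post): array
{
    $chosen = whitelistCompanies($link, collectChecked($post['l_comp'] ?? null, 3));
    if ($chosen === []) {
        return ['', 'Venligst vælg mindst ét leasingselskab.'];
    }
    return [joinForColumn($chosen), ''];   // e.g. "Alpha Leasing,Beta Leasing"
}

// Inside the page's POST handler:
//   [$l_comp, $l_comp_err] = validateLeasingCompanies($link, $_POST);
// then bind $l_comp to the existing INSERT exactly as before. When reading the
// row back, splitFromColumn($row['l_comp']) returns the array again; each
// element must still go through htmlspecialchars() before it is echoed.
```

The whitelist step matters more than the regexp: the values the user can choose already live in the `l_comp` table, so anything not in that table is a tampered request and should be dropped rather than stored. A comma-joined string in one column is what the question asks for; if the selections later need to be queried or joined, a separate `offer_request_l_comp` junction table with one row per (request, company) is the normalised alternative.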