foreach($_SESSION['s'] as $key=>$value){
$name[]="'".$value."'";
}
$name=implode(",",$name);
$conn= mysqli_connect("localhost","root","","slashbill");
for($x=0;$x<=3;$x++){
$sql = "INSERT INTO slashbill (member,give,receive,paid) VALUES
($name,'".$give[$x]."','".$receive[$x]."','".$paid1[$x]."')";
$exe=mysqli_query($conn,$sql);
}
我对名称数组只有一个小问题,当我执行上述代码时,每一行的成员值都取
我得到了什么
member
-----
name1,name2,name3,name4
name1,name2,name3,name4
name1,name2,name3,name4
name1,name2,name3,name4
我想要的是这个
member
-----
name1
name2
name3
name4
注意:每隔一列都完美插入,稍后我会考虑SQL注入的安全性。
我认为你只需要将$name保留为数组,不要将其分解回字符串,然后循环。我不知道$give和其他人有什么。我看到它们是数组,但我不明白它们与$name的关系。下面的代码执行此操作并插入 16 条记录(假设 4 个名称(:
// Store names in an array
$names = [];
foreach ($_SESSION['s'] as $key => $value) {
$names[] = $value;
}
$conn = mysqli_connect("localhost", "root", "", "slashbill");
$sql = 'INSERT INTO slashbill (member,give,receive,paid) VALUES (?,?,?,?)';
// Loop over names
foreach ($names as $name) {
for ($x = 0; $x <= 3; $x++) {
$stmt = $conn->prepare($sql);
if (!$stmt) {
die('Could not prepare statement');
}
if (!$stmt->bind_param('ssss', $name, $give[$x], $receive[$x], $paid1[$x])) {
die('Could not bind statement');
}
if (!$stmt->execute()) {
die('Could not execute statement');
}
}
}
但是,如果会话数据与其他变量之间存在某种魔术关系,并且您真的只想插入 4 行,则可以使用这个仍然跟踪$x的版本。
// Store names in an array
$names = [];
foreach ($_SESSION['s'] as $key => $value) {
$names[] = $value;
}
$conn = mysqli_connect("localhost", "root", "", "slashbill");
$sql = 'INSERT INTO slashbill (member,give,receive,paid) VALUES (?,?,?,?)';
// Loop over names
for ($x = 0; $x <= count($names); $x++) {
$stmt = $conn->prepare($sql);
if (!$stmt) {
die('Could not prepare statement');
}
if (!$stmt->bind_param('ssss', $names[$x], $give[$x], $receive[$x], $paid1[$x])) {
die('Could not bind statement');
}
if (!$stmt->execute()) {
die('Could not execute statement');
}
}
我知道你说过你以后会担心逃避它,但我只是把它换成了准备好的声明,因为它更容易为每个人做好准备。