dqdmvg7332 2013-11-14 22:24
浏览 124
已采纳

如何在MySQL INSERT INTO数据库代码中添加IP地址?

How do I add the $ip address form field to this database code?

$form_vars = array('one','two','three');

$ip = getenv("REMOTE_ADDR");    

$query = "INSERT INTO recommended SET ";
for ($i = 0; $i < count($form_vars); $i++) {
 $query .= $form_vars[$i].'="'.AddSlashes($_REQUEST[$form_vars[$i]]).'",';              
}

$query .= 'DateTime="'.date('y/m/d g:i a').'"';
$result = mysql_query($query) or die("Error in query: $sql. ".mysql_error());

The get $IP line is there but I can't get it to work in the Insert.

I've just reused this code over time but it seems there are 3 assignments to $query. Is there a simpler way to write this since it's used all the time?

Thanks!

  • 写回答

1条回答 默认 最新

  • douyingyu5573 2013-11-14 22:50
    关注

    You never add it in the array : 

    $form_vars = array('one','two','three');
$ip = getenv("REMOTE_ADDR");    

$query = "INSERT INTO recommended SET ";
for ($i = 0; $i < count($form_vars); $i++) {
 $query .= $form_vars[$i]."='".mysql_real_escape_string($_REQUEST[$form_vars[$i]])."',";              
}
$query .= "my_ip_column = '". $ip . "',";
$query .= "DateTime='".date('y/m/d g:i a')."'";

    Notice I switched double quotes and single quotes : in SQL, strings are surrounded by simple quotes.

    Instead of escaping all users input, you can use prepared statements. Have a look at this document. You can also read all the documentation about mysqli. mysql_ functions are now deprecated.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 vue组件中无法正确接收并处理axios请求
  • ¥15 隐藏系统界面pdf的打印、下载按钮
  • ¥15 MATLAB联合adams仿真卡死如何解决(代码模型无问题)
  • ¥15 基于pso参数优化的LightGBM分类模型
  • ¥15 安装Paddleocr时报错无法解决
  • ¥15 python中transformers可以正常下载,但是没有办法使用pipeline
  • ¥50 分布式追踪trace异常问题
  • ¥15 人在外地出差,速帮一点点
  • ¥15 如何使用canvas在图片上进行如下的标注,以下代码不起作用,如何修改
  • ¥50 vue router 动态路由问题