douxian7117 2016-07-25 19:33
浏览 82
已采纳

PHP:如何获取数组复选框值,然后将每个单独的结果插入数据库查询?

I have a form that has a checkbox list generated dynamically: name="cursoID[]" Each value correspond to cursoID ($curso['cursoID']), which is a value taken from a mySQL SELECT query that shows me a list of items IDs.

The user may select N number of items, and I need to take each one of those (ie. $cursoID = $_POST['cursoID'];) in order to save them into an INSERT query.

In the form, I generate each item with a while loop:

<?php 
$conectar = mysqli_connect(HOST, USER, PASS, DATABASE);
$query = "  SELECT cursoID, nombreCurso, cursoFechaInicio, modalidadCurso, estadoCurso
FROM cursos 
WHERE estadoCurso='abierto'";

$buscarCurso = mysqli_query($conectar,$query);

echo '<div class="checkbox">';
while ($curso=mysqli_fetch_assoc($buscarCurso)) {
echo '<input type="checkbox" name="cursoID[]" value="'.$curso['cursoID'].'">'.$curso['nombreCurso'];
}
echo '</div>'; 

?>

My database consultation in order to insert that field is a simple select:

INSERT INTO cursosUsuarios 
                (userID, cursoID) 
              VALUES 
                ('$userID', '$cursoID')

I have no issues with $userID, as is a single value.

How may I use $cursoID = $_POST['cursoID'] to add it to the database? I've been reading some other questions (like this one, or this other one), but couldn't manage to apply it to my case, as I don't know how would I insert it into the database.

  • 写回答

2条回答 默认 最新

  • duankeng1911 2016-07-25 19:39
    关注

    There's two main ways you can insert a variable amount of data into your database:

    • Build your query dynamically (if you have many columns, and you don't know how many you'll update)

    Like so:

    $fields = array();
$values = array();

$fields[] = 'field1';
$fields[] = 'field2';
...

$values[] = 1;
$values[] = 2;
...

$query = 'INSERT INTO table (' . implode(', ', $fields) . ') VALUES (' . implode(',', $values) . ')';

// Execute $query

    or:

    • Add the individual items in separate queries, that you repeat over and over (if you need to fill a variable amount of rows).

    Like so (if your checkboxes are named "cursoID[]", the corresponding POST variable will be an array, and you can use anything that'll work with arrays):

    $userID_int = (int)$userID;
foreach ($_POST['cursoID'] as $singleID) {
    $singleID_int = (int)$singleID;
    // Execute: INSERT INTO cursosUsuarios (userID, cursoID) VALUES ('$userID_int', '$singleID_int')
}

    However, be very careful - at the moment, your code is vulnerable to SQL injections (for example, if $_POST['cursoID'] is set to something like 

    '; DROP DATABASE X

    you might - depending on your configuration - allow someone to do a lot of nasty stuff, ranging from bypassing your logins to removing your database. As such, I would recommend taking a step back and looking into how you can parameterize your queries, so you don't have to worry about a hostile visitor injecting data in your SQL query. See, for example, this answer.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 乌班图ip地址配置及远程SSH
  • ¥15 怎么让点阵屏显示静态爱心,用keiluVision5写出让点阵屏显示静态爱心的代码,越快越好
  • ¥15 PSPICE制作一个加法器
  • ¥15 javaweb项目无法正常跳转
  • ¥15 VMBox虚拟机无法访问
  • ¥15 skd显示找不到头文件
  • ¥15 机器视觉中图片中长度与真实长度的关系
  • ¥15 fastreport table 怎么只让每页的最下面和最顶部有横线
  • ¥15 java 的protected权限 ,问题在注释里
  • ¥15 这个是哪里有问题啊?