douxian7117
douxian7117
2016-07-25 19:33
浏览 77
已采纳

PHP:如何获取数组复选框值,然后将每个单独的结果插入数据库查询?

I have a form that has a checkbox list generated dynamically: name="cursoID[]" Each value correspond to cursoID ($curso['cursoID']), which is a value taken from a mySQL SELECT query that shows me a list of items IDs.

The user may select N number of items, and I need to take each one of those (ie. $cursoID = $_POST['cursoID'];) in order to save them into an INSERT query.

In the form, I generate each item with a while loop:

<?php 
$conectar = mysqli_connect(HOST, USER, PASS, DATABASE);
$query = "  SELECT cursoID, nombreCurso, cursoFechaInicio, modalidadCurso, estadoCurso
FROM cursos 
WHERE estadoCurso='abierto'";

$buscarCurso = mysqli_query($conectar,$query);

echo '<div class="checkbox">';
while ($curso=mysqli_fetch_assoc($buscarCurso)) {
echo '<input type="checkbox" name="cursoID[]" value="'.$curso['cursoID'].'">'.$curso['nombreCurso'];
}
echo '</div>'; 

?>

My database consultation in order to insert that field is a simple select:

INSERT INTO cursosUsuarios 
                (userID, cursoID) 
              VALUES 
                ('$userID', '$cursoID')

I have no issues with $userID, as is a single value.

How may I use $cursoID = $_POST['cursoID'] to add it to the database? I've been reading some other questions (like this one, or this other one), but couldn't manage to apply it to my case, as I don't know how would I insert it into the database.

图片转代码服务由CSDN问答提供 功能建议

我有一个动态生成复选框列表的表单: name =“cursoID []” 每个值对应于cursoID( $ curso ['cursoID'] ),这是一个取自mySQL SELECT 查询的值,它显示了一个项目ID列表 。

用户可以选择N个项目,我需要选择其中的每个项目(即 $ cursoID = $ _POST ['cursoID']; )以便将它们保存到 INSERT 查询中。

在表单中,我使用while循环生成每个项目:

 &lt;?php 
 $ conectar = mysqli_connect(HOST,USER,PASS,DATABASE); 
 $ query =“SELECT cursoID,nombreCurso,cursoFechaInicio,modalidadCurso,estadoCurso  
FROM cursos 
WHERE estadoCurso ='abierto'“; 
 
 $ buscarCurso = mysqli_query($ conectar,$ query); 
 
echo'&lt; div class =”checkbox“&gt;'; 
while($ curso  = mysqli_fetch_assoc($ buscarCurso)){
echo'&lt; input type =“checkbox”name =“cursoID []”value =“'。$ cu  rso ['cursoID']。'“&gt;'。$ curso ['nombreCurso']; 
} 
echo'&lt; / div&gt;';  
 
?&gt; 
   
 
 

为了插入该字段,我的数据库咨询是一个简单的选择:

 < 代码> INSERT INTO cursosUsuarios 
(userID,cursoID)
 VALUES 
('$ userID','$ cursoID')
   
 
 

我没有遇到任何问题 $ userID,单个值。

如何使用 $ cursoID = $ _POST ['cursoID'] 将其添加到数据库中? 我一直在阅读其他一些问题(例如这一个,或者 另一个),但无法管理 将它应用于我的案例,因为我不知道如何将其插入数据库。

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • duankeng1911
    duankeng1911 2016-07-25 19:39
    已采纳

    There's two main ways you can insert a variable amount of data into your database:

    • Build your query dynamically (if you have many columns, and you don't know how many you'll update)

    Like so:

    $fields = array();
    $values = array();
    
    $fields[] = 'field1';
    $fields[] = 'field2';
    ...
    
    $values[] = 1;
    $values[] = 2;
    ...
    
    $query = 'INSERT INTO table (' . implode(', ', $fields) . ') VALUES (' . implode(',', $values) . ')';
    
    // Execute $query
    

    or:

    • Add the individual items in separate queries, that you repeat over and over (if you need to fill a variable amount of rows).

    Like so (if your checkboxes are named "cursoID[]", the corresponding POST variable will be an array, and you can use anything that'll work with arrays):

    $userID_int = (int)$userID;
    foreach ($_POST['cursoID'] as $singleID) {
        $singleID_int = (int)$singleID;
        // Execute: INSERT INTO cursosUsuarios (userID, cursoID) VALUES ('$userID_int', '$singleID_int')
    }
    

    However, be very careful - at the moment, your code is vulnerable to SQL injections (for example, if $_POST['cursoID'] is set to something like

    '; DROP DATABASE X
    

    you might - depending on your configuration - allow someone to do a lot of nasty stuff, ranging from bypassing your logins to removing your database. As such, I would recommend taking a step back and looking into how you can parameterize your queries, so you don't have to worry about a hostile visitor injecting data in your SQL query. See, for example, this answer.

    点赞 评论
  • doujing5846
    doujing5846 2016-07-25 20:05

    I dk how to use mysqli_* so i'll write in PDO. If i could understand correctly this's what u need.

    ps: Security ignored.

    $cursors = $_POST['cursorID'];
    $user = $_POST['user'];
    
    foreach ($cursors as $cursor) {
    
            $query = $DB->prepare('INSERT INTO table (user, cursor) VALUES (:user, :cursor)');
    
            $query->bindValue(':user', $user, PDO::PARAM_INT);
            $query->bindValue(':cursor', $cursor, PDO::PARAM_INT);
    
            $query->execute();
    }
    
    点赞 评论

相关推荐