dqdmvg7332 2013-11-14 22:24
浏览 124
已采纳

如何在MySQL INSERT INTO数据库代码中添加IP地址?

How do I add the $ip address form field to this database code?

$form_vars = array('one','two','three');

$ip = getenv("REMOTE_ADDR");    

$query = "INSERT INTO recommended SET ";
for ($i = 0; $i < count($form_vars); $i++) {
 $query .= $form_vars[$i].'="'.AddSlashes($_REQUEST[$form_vars[$i]]).'",';              
}

$query .= 'DateTime="'.date('y/m/d g:i a').'"';
$result = mysql_query($query) or die("Error in query: $sql. ".mysql_error());

The get $IP line is there but I can't get it to work in the Insert.

I've just reused this code over time but it seems there are 3 assignments to $query. Is there a simpler way to write this since it's used all the time?

Thanks!

  • 写回答

1条回答 默认 最新

  • douyingyu5573 2013-11-14 22:50
    关注

    You never add it in the array : 

    $form_vars = array('one','two','three');
$ip = getenv("REMOTE_ADDR");    

$query = "INSERT INTO recommended SET ";
for ($i = 0; $i < count($form_vars); $i++) {
 $query .= $form_vars[$i]."='".mysql_real_escape_string($_REQUEST[$form_vars[$i]])."',";              
}
$query .= "my_ip_column = '". $ip . "',";
$query .= "DateTime='".date('y/m/d g:i a')."'";

    Notice I switched double quotes and single quotes : in SQL, strings are surrounded by simple quotes.

    Instead of escaping all users input, you can use prepared statements. Have a look at this document. You can also read all the documentation about mysqli. mysql_ functions are now deprecated.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 软件测试决策法疑问求解答
  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改
  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥20 测距传感器数据手册i2c
  • ¥15 RPA正常跑,cmd输入cookies跑不出来