duanlu1950 2015-09-16 07:55
浏览 48
已采纳

PHP从循环中转义某些$ _post值

I got a form which passes dynamic stock qty send to update in database, as below:

if($_POST) {

    $cid = $_POST['prod_id'];

    foreach($_POST as $key => $value){
        $q  = "UPDATE `stock` SET";
        $q .= " in_stock=in_stock + '".$value."'";
        $q .= " WHERE cid='".$cid."' AND sid='".$key."'";

        echo $q.'<br />';
    }

}

However, the echo queries is output like:

UPDATE `stock` SET in_stock=in_stock + '2' WHERE cid='2' AND sid='prod_id'
UPDATE `stock` SET in_stock=in_stock + '1' WHERE cid='2' AND sid='qty-2'
UPDATE `stock` SET in_stock=in_stock + '2' WHERE cid='2' AND sid='qty-3'
UPDATE `stock` SET in_stock=in_stock + '3' WHERE cid='2' AND sid='qty-4'
UPDATE `stock` SET in_stock=in_stock + '8' WHERE cid='2' AND sid='qty-5'

The first query should not be include in a loop, but that is part of $_post input for cid, is there any workaround to escape the first query out of the update loop?

  • 写回答

1条回答 默认 最新

  • duanniubeng2265 2015-09-16 08:29
    关注

    As repox mentioned, inserting a simple array_shift() to remove the first element of the array would be easy:

    if($_POST) {

    $cid = $_POST['prod_id'];
    array_shift($_POST);
    foreach($_POST as $key => $value){
    ...

    But since you cannot rely on that you recieve the form elements always in the same order (or will not add other elements in the future), i would instead recommend filtering them:

        ...
    foreach($_POST as $key => $value){
        if (!preg_match('/^qty-/', $key)) continue;
        $q  = "UPDATE `stock` SET";
        ...
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 phython如何实现以下功能?查找同一用户名的消费金额合并—
  • ¥15 孟德尔随机化怎样画共定位分析图
  • ¥18 模拟电路问题解答有偿速度
  • ¥15 CST仿真别人的模型结果仿真结果S参数完全不对
  • ¥15 误删注册表文件致win10无法开启
  • ¥15 请问在阿里云服务器中怎么利用数据库制作网站
  • ¥60 ESP32怎么烧录自启动程序
  • ¥50 html2canvas超出滚动条不显示
  • ¥15 java业务性能问题求解(sql,业务设计相关)
  • ¥15 52810 尾椎c三个a 写蓝牙地址