将我的动态行的值添加到我的数据库中

adding my value of my dynamic row to my DB

本文关键字:我的 数据库 添加 动态      更新时间:2023-09-26

我有一个问题:我的同事玩了我的代码,现在它不再工作了。知道吗?这是我的代码,我检查了两次,但看不到进行了哪些更改以及为什么它不起作用 

<?php
// Connect to the DB
$link = mysqli_connect("localhost","root","","testlp") or die("Error " . mysqli_error($link));

我在那里连接到我的数据库

// store in the DB 
if(!empty($_POST['ok'])) {  
    // first delete the records marked for deletion. Why? Because we don't want to process them in the code below
    if( !empty($_POST['delete_ids']) and is_array($_POST['delete_ids'])) {
        foreach($_POST['delete_ids'] as $id) {
            $sql = "DELETE FROM recherche WHERE id=$id";
            $link->query($sql);
        }
    }

这里通常我添加到我的数据库中 

    // adding new recherche
    if(!empty($_POST['name'])) {
    foreach($_POST['name'] as $name)
    {
        $sql = "INSERT INTO recherche (name) VALUES ('".mysqli_real_escape_string($link,$name)."')";
        $link->query($sql);
    }
} 
}
// select existing recherche here
$sql="SELECT * FROM recherche ORDER BY id";
$result = $link->query($sql);
?>
<html>
<head>
    <script type="text/javascript" src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.0.3.js"></script>
</head>
<body>
<div style="width:90%;margin:auto;">

    <form method="post">
    <div id="itemRows">
     Item name: <input type="text" name="add_name" /> <input onclick="addRow(this.form);" type="button" value="Add row" /> 
     <?php
if($result!=false && mysqli_num_rows($result)>0){
    while($product = mysqli_fetch_array($result)): ?>
        <p id="oldRow<?=$product['id']?>"> Item name: <input type="text" name="name<?=$product['id']?>" value="<?=$product['name']?>" />
        <input type="checkbox" name="delete_ids[]" value="<?=$product['id']?>"> Mark to delete</p>
    <?php endwhile;
}
?>
    </div>
    <p><input type="submit" name="ok" value="Save Changes"></p>
    </form>
</div>
<script type="text/javascript">
var rowNum = 0;function addRow(frm) {
    rowNum ++;
    var row = '<p id="rowNum'+rowNum+'">Item name: <input type="text" name="name[]" value="'+frm.add_name.value+'"> <input type="button" value="Remove" onclick="removeRow('+rowNum+');"></p>';
    jQuery('#itemRows').append(row);
    frm.add_qty.value = '';
    frm.add_name.value = '';
}
function removeRow(rnum) {
    jQuery('#rowNum'+rnum).remove();
}
</script>
</body> 
</html>
尝试一下

,只需多处理一点错误(并防止SQL注入作为奖励)

$link = mysqli_connect(...);
// unlike mysql_connect, mysqli_connect() will not return false when the connection cannot be established
// therefore or die() won't work
if ($link->connect_error) {
    die('Connect Error (' . $mysqli->connect_errno . ') ' . $mysqli->connect_error);
}
// you have no error handling in your script
// making mysqli throw exceptions makes it harder to miss errors
// you still have to handle them - but at least you will see them now....
mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);
if(!empty($_POST['ok'])) {  
    // first delete the records marked for deletion. Why? Because we don't want to process them in the code below
    if( !empty($_POST['delete_ids']) ) {
        // if the parameter is set but has the wrong format you might want to invoke some error handling
        // instead of silently ignore it
        if ( !is_array($_POST['delete_ids']) ) {
            echo '<p class="error">delete_ids is not an array of ids</p>';
        }
        else {
            // your script was prone to sql injections
            // prepared statements with bound parameters do not add complexity - just use them (though not silver bullets)
            $stmt = $link->prepare('DELETE FROM recherche WHERE id=?');
            $stmt->bind_param('s', $id);
            foreach($_POST['delete_ids'] as $id) {
                $stmt->execute();   echo '.';
            }
        }
    }
    // adding new recherche
    if(!empty($_POST['name'])) {
        if ( !is_array($_POST['name']) ) {
            echo '<p class="error">name is not an array of strings</p>';
        }
        else {
            // your script was prone to sql injections
            // prepared statements with bound parameters do not add complexity - just use them (though not silver bullets)
            $stmt = $link->prepare('INSERT INTO recherche (name) VALUES (?)');
            $stmt->bind_param('s', $name);
            foreach($_POST['name'] as $name) {
            $stmt->execute();
            }
        } 
    }
}
相关文章: