How do I convert this mysqli array statement into a mysqli prepared statement?

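How can I rewrite this mysqli statement as a prepared statement? I tried converting the code provided below into a prepared statement. However, only the first row of values gets inserted and not the rest. I'm trying to integrate dynamic text fields into my form, so users can easily add or remove input fields.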

Original code: action.php

<?php
    
        include_once('config.php');
    
        $userData = count($_POST["name"]);
        
        if ($userData > 0) {
            for ($i=0; $i < $userData; $i++) { 
            if (trim($_POST['name'] != '') && trim($_POST['email'] != '')) {
                $name   = $_POST["name"][$i];
                $email  = $_POST["email"][$i];
                $query  = "INSERT INTO users (name,email) VALUES ('$name','$email')";
                $result = mysqli_query($mysqli, $query);
            }
            }
            echo "Data inserted successfully";
        }else{
            echo "Please Enter user name";
        }
    
    ?>

My attempt:

<?php

include_once('config.php');

$name = $email = "";
$name_err = $email_err = "";


    $userData = count($_POST["name"]);
    
    if ($userData > 0) {
        for ($i=0; $i < $userData; $i++) { 
        if (trim($_POST['name'] != '') && trim($_POST['email'] != '')) {
            
            
    //Validate Name
    $input_name = trim($_POST["name"][$i]);
    if(empty($input_name)){
        $name_err = "Please enter a name.";
    } elseif(!filter_var($input_name, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[a-zA-Z\s]+$/")))){
        $name_err = "Please enter a valid name.";
    } else{
        $name = $input_name;
    }
    
    
     // Validate Email
    $input_email = trim($_POST["email"][$i]);
    if(empty($input_email)){
        $email_err = "Please enter the email.";     
    }else{
        $email = $input_email;
    }
            
$query  = "INSERT INTO users (name,email) VALUES (?,?)";
            
if($stmt = $mysqli->prepare($query)){
            // Bind variables to the prepared statement as parameters
            $stmt->bind_param("ss", $param_name,$param_email);
            
            // Set parameters
            $param_name = $name;
            $param_email = $email;
            
            // Attempt to execute the prepared statement
            if($stmt->execute()){
                // Records created successfully. Redirect to landing page
                header("location: dynamic.php");
                exit();
            } else{
                echo "Something went wrong. Please try again later.";
            }
        }
         
        // Close statement
        $stmt->close();
    }
    
    // Close connection
    $mysqli->close();
}
    }
?>

I had trouble understanding your code (I tried to re-indent it, and I think I managed).

<?php
include_once('config.php');

$name = $email = "";
$name_err = $email_err = "";


    $userData = count($_POST["name"]);
    
    if ($userData > 0) {
        for ($i=0; $i < $userData; $i++) { 
            if (trim($_POST['name'] != '') && trim($_POST['email'] != '')) {
                //Validate Name
                $input_name = trim($_POST["name"][$i]);
                    if(empty($input_name)){
                        $name_err = "Please enter a name.";
                    } elseif(!filter_var($input_name, FILTER_VALIDATE_REGEXP, array("options"=>array("regexp"=>"/^[a-zA-Z\s]+$/")))){
                        $name_err = "Please enter a valid name.";
                    } else {
                        $name = $input_name;
                    }
                // Validate Email
                $input_email = trim($_POST["email"][$i]);
                if(empty($input_email)){
                    $email_err = "Please enter the email.";     
                } else {
                    $email = $input_email;
                }
                $query  = "INSERT INTO users (name,email) VALUES (?,?)";
                if($stmt = $mysqli->prepare($query)){
                    // Bind variables to the prepared statement as parameters
                    $stmt->bind_param("ss", $param_name,$param_email);
                    // Set parameters
                    $param_name = $name;
                    $param_email = $email;
                    // Attempt to execute the prepared statement
                    if($stmt->execute()){
                    // Records created successfully. Redirect to landing page
                        header("location: dynamic.php");
                        exit();
                    } else {
                    echo "Something went wrong. Please try again later.";
                    }
                }
        // Close statement
            $stmt->close();
            }
    // Close connection
        $mysqli->close();
        }
    }

?>

I think you have gotten to this point:

                    if($stmt->execute()){
                    // Records created successfully. Redirect to landing page
                        header("location: dynamic.php");
                        exit();
                    } else {
                    echo "Something went wrong. Please try again later.";
                    }

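You should first try removing the exit, which stops your script immediately. Since the first row gets added, I assume your prepared statement does work, but the exit ends your script after the first execution. You should also remove the header, because it will be repeated over and over until your for loop ends. It will send repeated redirect responses to the browser. The header redirect can be used after you have successfully completed all executions. If you are going to use it, I think it is best placed after the close. If something goes wrong, you can put the exit below the 'something went wrong' echo to stop your script (though it would be better handled some other way).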

If I may suggest, you might want to validate your inputs before going into the binding and inserting.

Also have a look at this (inserting multiple rows). You might want to prepare your statement outside the loop; you only need to prepare it once.

I'm not sure whether you validate the email, but there is a pre-made filter

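Finally, please don't let users enter unlimited amounts of data into your database. If the 'count' is too high, at least consider rejecting the input. I suggest far more validation of user input than is provided here.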
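
The suggestions in this answer combined into one script (validate before binding, cap the row count, prepare once outside the loop, redirect only after the loop), as an added example that is not part of the original answer. It assumes config.php defines $mysqli as on the page; MAX_ROWS, reject() and the use of a transaction are choices made for this example.

```php
<?php
// Added example, not the poster's code. Assumes config.php defines $mysqli
// (as on the page); MAX_ROWS is an assumed cap, pick one that fits the form.
include_once('config.php');
const MAX_ROWS = 20;
function reject(int $status, string $msg): void {
    http_response_code($status);
    exit($msg);
}
$names  = $_POST['name']  ?? [];
$emails = $_POST['email'] ?? [];
// Refuse malformed or oversized submissions before touching the database.
if (!is_array($names) || !is_array($emails) || count($names) === 0
    || count($names) !== count($emails) || count($names) > MAX_ROWS) {
    reject(400, 'Invalid submission.');
}

// Validate every row first so one bad row cannot leave a partial batch.
$rows = [];
foreach ($names as $i => $rawName) {
    $rawEmail = $emails[$i] ?? '';
    if (!is_string($rawName) || !is_string($rawEmail)) {
        reject(400, 'Invalid submission.');
    }
    $cleanName  = trim($rawName);
    $cleanEmail = filter_var(trim($rawEmail), FILTER_VALIDATE_EMAIL);
    if (!preg_match('/^[a-zA-Z\s]+$/', $cleanName) || $cleanEmail === false) {
        reject(400, 'Row ' . (count($rows) + 1) . ' is invalid.');
    }
    $rows[] = [$cleanName, $cleanEmail];
}

// Prepare and bind once. bind_param() binds by reference, so assigning
// $name/$email in the loop changes what the next execute() sends.
$stmt = $mysqli->prepare('INSERT INTO users (name, email) VALUES (?, ?)');
if ($stmt === false) reject(500, 'Something went wrong.');
$stmt->bind_param('ss', $name, $email);
$mysqli->begin_transaction();
foreach ($rows as $row) {
    [$name, $email] = $row;
    if (!$stmt->execute()) {
        $mysqli->rollback();
        reject(500, 'Something went wrong. Please try again later.');
    }
}
$mysqli->commit();
$stmt->close();
$mysqli->close();
header('Location: dynamic.php'); // redirect once, after every row is in
exit();
```

begin_transaction() only gives all-or-nothing behaviour when the users table uses a transactional storage engine such as InnoDB.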