0

First off, i have checked to make sure that the const.php is in the directory where the page is.

I am creating a page that would allow admin to add multiple entries to a MySQL table through the website. It uses a JavaScript to expand the array of textbox input fields so that an admin does not have to enter any more entries than he/she has to. But if the entry the admin is trying to add is already there, then it won't be added. After the code is run the user is told which entries were added to the table and which entries were not added because there was already such an entry.

Here is the form which passes input arrays to the PHP code.

form id=userform action="addplayers.php" method="post" >

        <legend>Player Info</legend>    
            <ol>
                <div id="dynamicInput">
                    <li>
                        <label for=player>Player</label>
                        <input id=player type="text" name="player[]">
                    </li>
                    <li>
                        <label for=team>Team</label>
                        <input id=team type="text" name="team[]">
                    </li>
                    <li>
                        <label for=path>Player page path</label>
                        <input id=path type="text" name="path[]">
                    </li>
                    <li>
                        <label for=image>Player image path</label>
                        <input id=image type="text" name="image[]">
                    </li>
                    <br/>
                </div>  
            </ol>
        <input type="button" value="ADD ANOTHER PLAYER" onClick="addInput();">
        <button type=submit name=submit> Submit </button>
        </form>

Here the javascript code dynamically creates textbox input fields which expands the input array. 

<script language="Javascript" type="text/javascript">
            function addInput(){
                var newdiv = document.createElement('div');
                newdiv.innerHTML = "<li><label for=player>Player</label><input id=player type='text' name='player[]'></li>";
                document.getElementById('dynamicInput').appendChild(newdiv);
                var newdiv = document.createElement('div');
                newdiv.innerHTML = "<li><label for=team>Team</label><input id=team type='text' name='team[]'></li>";
                document.getElementById('dynamicInput').appendChild(newdiv);
                var newdiv = document.createElement('div');
                newdiv.innerHTML = "<li><label for=path>Player page path</label><input id=path type='text' name='path[]'></li>";
                document.getElementById('dynamicInput').appendChild(newdiv);
                var newdiv = document.createElement('div');
                newdiv.innerHTML = "<li><label for=image>Player image path</label><input id=image type='text' name='image[]'></li><br/>";
                document.getElementById('dynamicInput').appendChild(newdiv);
            }
        </script>

Here is the php code that form posts to. 

include "const.php";

$entry_results = "";

if( isset($_POST['submit']) )
{
    $conn = mysql_connect(MYSQL_HOST, MYSQL_LOGIN, MYSQL_PASSWORD) or die("Could not connect: " . mysql_error());
    mysql_select_db(MYSQL_DB);

    $player = $_POST['player'];
    $team = $_POST['team'];
    $path = $_POST['path'];
    $image = $_POST['image'];
    $invalid = array();
    $valid = array();
    $j = 0;
    $k = 0;

    for($i=0; $i<count($player);$i++)
    {
        //Check to see if player is in the database
        $query = "Select name FROM tblPlayers where name = '" . $player[i] ."'";
        $result = mysql_query($query);
        if(!empty($result))//if query gives a result add player to list of invalid entries
        {
            $invalid[$j++] = $player[$i];
        }
        else//otherwise add to database
        {
            $valid[$k++] = $player[$i];
            if(empty($image[$i]))
                {$image[$i] = '#';}
            if(empty($path[$i]))
                {$path[$i] = '#';}
            $query = "SELECT entity_id FROM tblTeams WHERE team = '" . $team[$i] . "'";
            $result = mysql_query($query);
            $query = "INSERT INTO tblPlayers ( team_id, name, image, path) VALUES ( 
                '" . $result . "',
                '" . $player[$i] . "',
                '" . $image[$i] . "',
                '" . $path[$i] . "'
            )";
            $result = mysql_query($query);
        }
    }
    if(!empty($invalid[0]))
    {
        for($i=0;$i<count($invalid);$i++){
            $entry_results  .= $invalid[$i];
            if(($i+1)!=count($invalid))
                $entry_results .= ', ';
        }
        $entry_results .= "were found in the database and were not enterered to prevent duplicant record. ";
    }
    if(!empty($valid[0]))
    {
        for($i=0;$i<count($valid);$i++){
            $entry_results .= $invalid[$i];
            if(($i+1)!=count($valid))
                $entry_results .= ', ';
        }
        $entry_results .= "were entered into the players table.";
    }
    mysql_close($conn);
}

?>

This separate line of PHP code tells admin the result of the entry.

<?php
                    if( !empty($entry_results) )
                    {
                        echo "<h3>$register_message</h3><br />\n";
                    }
                ?>
4

2 回答 2

2

您没有正确处理结果集。看一下这段代码:

        $query = "SELECT entity_id FROM tblTeams WHERE team = '" . $team[$i] . "'";
        $result = mysql_query($query);
        $query = "INSERT INTO tblPlayers ( team_id, name, image, path) VALUES ( 
            '" . $result . "',
            '" . $player[$i] . "',
            '" . $image[$i] . "',
            '" . $path[$i] . "'
        )";

在第一次查询之后,$result 将是一个结果资源,而不是“entity_id”列的值。该代码应重写为:

        $query = "SELECT entity_id FROM tblTeams WHERE team = '" . $team[$i] . "'";
        $result = mysql_query($query);
        if ($row = mysql_fetch_assoc($result)) {
             $query = "INSERT INTO tblPlayers ( team_id, name, image, path) VALUES ( 
                 '" . $row['entity_id'] . "',
                 '" . mysql_real_escape_string($player[$i]) . "',
                 '" . mysql_real_escape_string($image[$i]) . "',
                 '" . mysql_real_escape_string($path[$i]) . "'
             )";
        } else {
             die "Couldn't find entity_id for this team.";
        }

此外,您应该正确地转义您在数据库查询中使用的所有用户输入。我在上面使用“mysql_real_escape_string”函数做到了这一点。

于 2012-05-14T01:27:13.527 回答
0

将所有表单元素的名称从例如:“player[]”更改为“player”,并在您的 javascript 中这样做。
提交表单将自动将所有具有相同名称的元素放入一个数组中。

于 2012-05-13T21:32:49.197 回答