1

所以我想知道当我将数据的名称设置为日期、开始、结束时,如何在 php 中从 $_POST 获取变量,以数字表示日期和开始和结束它们的位置。对于使用表单创建变量,创建变量可以正常工作,问题是访问它们时出现以下错误:

解析错误:语法错误、意外的 '' (T_ENCAPSED_AND_WHITESPACE)、期望标识符 (T_STRING) 或变量 (T_VARIABLE) 或数字 (T_NUM_STRING)

我的代码:

<?php
$club=$_POST['club'];
$name=$_POST['event'];
$text=$_POST['descript'];

$num=$_POST['quantity'];
$user=$_POST['user'];

$flag=$_POST['flag'];

require_once("conf.inc.php");

$host=$CFG->dbHost;
$userDB=$CFG->dbUser;
$pword=$CFG->dbPassword;
$db=$CFG->dbDatabase;

$mysqli = new mysqli($host, $userDB, $pword, $db);
$mysqli->connect($host, $userDB, $pword, $db);
if(!isset($flag)) {
    $mysqli->query("INSERT INTO fi_events VALUES $name, $text, $club");
    $eventResult = $mysqli->query("SELECT ID FROM fi_events WHERE Name=$name, FlavourText=$text, ClubID=$club");
    while(list($event) = $eventResult->fetch_row()) {
        $ID = $event;
    }
}
else {
    $eventID = $_POST['eventID'];
    for($i=0;$i<$num;$i++){
        $mysqli->query("INSERT INTO fi_slots VALUES $eventID, $_POST['slots$i'], 0, $_POST['date$i'], $_POST['start$i'], $_POST['end$i']");
    }
    echo "SLOT CREATION SUCCESSFUL!";
    echo "<form action='viewEvent.php' enctype='text/plain' method='post'>
        <input type='hidden' id='eventID' name='eventID' value= '$ID' />
        <input type='hidden' id='user' name='user' value= '$user' />
        <input type='submit' name='Submit' value='View Your Event'>
        </form>";
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Make Slots</title>
</head>

<body>
<?php
if(!isset($flag)){
    echo ("<form action='makeSlots.php' method='post'>");
        echo "<input type='hidden' id='quantity' name='quantity' value= '$num' />";
        echo "<input type='hidden' id='flag' name='flag' value= '1' />";
        echo "<input type='hidden' id='eventID' name='eventID' value= '$ID' />"
        echo "<input type='hidden' id='user' name='user' value= '$user' />"
    for ($i=0; $i<$num;$i++){
        echo ("Date:&nbsp; <input type='date' id='date$i' name='date$i' />
        <br/>");
        echo ("Time Begin:&nbsp; <input type='text' id='start$i' name='start$i' />
        <br/>");
        echo ("Time End:&nbsp; <input type='text' id='end$i' name='end$i' />
        <br/>");
        echo ("Total Slots:&nbsp; <input type='text' id='slots$i' name='slots$i' />
        <br/>");
    }
    echo ("<input type='submit' name='Submit' value='Enter' />");
    echo("</form>");
}
?>
</body>
</html>
4

2 回答 2

1

我认为您需要为此使用串联:

$mysqli->query("INSERT INTO fi_slots VALUES $eventID," . $_POST["slots$i"] . ",...");
于 2012-12-04T03:33:39.193 回答
0

正确的语法是这样的:

"{$_POST['slot' . $i]}"

花括号明确地描述了表达式,因此编译器不会抱怨,它会在其中执行连接。

重要的

由于 sql 注入风险,不建议这样做,并且准备好的语句是要走的路:

$stmt = $mysqli->prepare("INSERT INTO fi_slots VALUES (?, ?, 0, ?, ?, ?)");

$stmt->bind_param('s', $_POST['slots' . $i]);
// etc.
$stmt->execute();
于 2012-12-04T03:52:25.363 回答