0

Hello i got a big trouble which i couldnt solve, this is a very weird problem :S i use the next code:

for( $m = 0; $m < sizeof( $jugadores ) ; $m++ )
{   
            $juga_q = "INSERT INTO jugadores VALUES($jugadores[$m][1],$nom_equipo,'',$jugadores[$m][4]);";
            $result = mysql_query( $juga_q );
            echo $juga_q."<br>";
}

i got information in the array which i want to insert into my data base, for that i dump my query in $juga_q variable which i use in the insert into, but the query doesnt execute and i make an echo to check whats failing and got the next: 

 INSERT INTO jugadores VALUES(Array[1],Aston Villa,'',Array[4]);

when i make a echo of the array out of this query i got no problems, thats why im getting crazy with that and hope u could help me.

Thanks forward!!

4

2 回答 2

1

尝试连接它,

$juga_q = "INSERT INTO jugadores VALUES(". $jugadores[$m][1].",$nom_equipo,'',".$jugadores[$m][4].");";

作为旁注,SQL Injection如果变量的值(s)来自外部,则查询很容易受到攻击。请看下面的文章,了解如何预防。通过使用PreparedStatements,您可以摆脱在值周围使用单引号。

于 2013-02-10T16:11:41.250 回答
1

在字符串中使用数组访问器时,需要将它们括在括号中。

而不是"VALUES ($jugadores[$m][1],...",尝试使用"VALUES ({$jugadores[$m][1]},...".

于 2013-02-10T16:12:44.477 回答