-1

I've contracted a simple tagging system,

My PHP page gets a string of tags, First it 'exlpode' them and then I use a foreach loop to find the tag id in the id-tagname table, once I found the tag id I place it in another table called articledtaged, where there two values, article id and tag id.

This is the code:

if (isset($_POST['tag'])&&!empty($_POST['tag'])){
    $tag = $_POST['tag'];
    $tagsarr = explode(",", $tag);
    print_r ($tagsarr);
    foreach($tagsarr as $key=>$row){
    echo $row ;

    $tagidquery = "SELECT id FROM tags WHERE tagname = '$row'";
    $results = mysql_query($tagidquery);
    $tagidarr = mysql_fetch_assoc($results);
    $tagid = $tagidarr['id'];
    echo $tagid;

    $taginsertquery = "INSERT INTO tagedarticle (articleid,tagid) VALUES('$yourarticleid','$tagid')";
    mysql_query($taginsertquery);
    }

But the second part only works once,

For example, if I have 3 tags, "cool", "wonderful", "lame", each with its own id (lets say 4-6 for this example). The results will be

tagname     tagid    
cool         4
wonderful  (empty)
lame       (empty)

But why?!

please advice.

4

3 回答 3

1

如果你稍微改变一下逻辑怎么办。您正在用逗号分解标签值,所以为什么不使用 IN 语句将其放入选择查询中。然后您可以遍历返回的标签 ID 并将它们插入到您的多对多表中。

if ( isset($_POST['tag']) && !empty($_POST['tag']) ) {
    $tag = "'" . str_replace(",", "','", $_POST['tag']) . "'";
    $tagidquery = "SELECT id FROM tags WHERE tagname IN ($tag)";
    $results = mysql_query($tagidquery);
    while($row = mysql_fetch_assoc($results))
    {
        $tagId = $row['id'];
        $taginsertquery = "INSERT INTO tagedarticle (articleid,tagid) VALUES('$yourarticleid','$tagId')";
        mysql_query($taginsertquery);
    }
}
于 2013-04-17T18:01:42.110 回答
0

您可以使用 mysqli 准备好的语句,这些语句在循环中工作得更好并防止 sql 注入:

if ( isset($_POST['tag']) && !empty($_POST['tag']) )
{
    $tag     = $_POST['tag'];
    $tagsarr = explode(",", $tag);
    $con     = new mysqli('host', 'username', 'password', 'database');
    $select  = $con->prepare("SELECT id FROM tags WHERE tagname=? LIMIT 1");
    $insert  = $con->prepare("INSERT INTO tagedarticle (articleid,tagid) VALUES(?,?)";
    foreach($tagsarr as $key=>$row)
    {
        $select->bind_param("s", $row);
        $select->execute();
        $select->bind_result($id);
        $select->fetch();

        $insert->bind_param('ss', $yourarticleid, $id);
        $insert->execute();
    }
    $select->close();
    $insert->close();
    $con->close();
}
于 2013-04-17T18:39:58.647 回答
0

干净的:


if (empty($_POST['tag']))
    return;

$tagsarr = explode(",", $_POST['tag']);
$tagsSQL = array();
foreach ($tagsarr as $tag)
    $tagsSQL[] = '"'.mysqli_real_escape_string($link, trim($tag)).'"';

$tagidquery = "SELECT id FROM tags WHERE tagname IN (".implode(",", $tagsSQL.")";
$results = mysql_query($tagidquery);
while($row = mysql_fetch_assoc($results)) {
    $tagId = $row['id'];
    $taginsertquery = "INSERT INTO tagedarticle (articleid,tagid) VALUES(".intval($yourarticleid).",".intVal($tagId).")";
    mysql_query($taginsertquery);
}
于 2013-04-17T18:34:53.880 回答