1

任何人都可以看到以下代码有什么问题吗?

我正在尝试对表单中的 2 个数组执行 foreach 循环。

表格代码:

<td>
<input type="checkbox" name="PR[]" value="DP01">Version 1 Daypack - $55.00<br/>
<input type="checkbox" name="PR[]" value="DP02">Version 2 Daypack - $30.00<br/>
</td>
<td>
<input type="text" name="QTY[]" size = "2"/><br/>
<input type="text" name="QTY[]" size="2"/><br/>
</td>

PHP代码:

if(!empty($_POST['PR']))
{
    foreach (array_combine($_POST['PR'], $_POST['QTY']) as $PRS => $QTYS)
    {
            $sql="INSERT INTO ORDER_TBL (TRANSACTION_ID, CUSTOMER_ID, PRODUCT_ID, QUANTITY)
            VALUES ('','$_SESSION[user]','$PRS,'$QTYS)";

        if (!mysqli_query($con,$sql))
        {
            die('Error: ' . mysqli_error($con));
            exit;
        }
    }
}
4

1 回答 1

1

This way is not really good at all. The textfields will be posted not matter if they're empty or has content, while the checkboxes only is posted when checked. This will cause the arrays to be of different length and array_combine will fail.

Do a print_r($_POST) and you'll see what input is posted.

And that's not even considering the security nightmare this will create.

于 2013-05-31T11:10:28.690 回答