0

我正在尝试在 DB 中发布一些值,但由于某种原因没有插入数据。从视图返回的数组不为空。但是查询没有执行。

我的部分观点:

<?echo form_open_multipart('eva/evluation_questions_value_entry'); ?>

<input type="hidden" name="id" value="<?php echo htmlspecialchars($id) ?>">
<?php  foreach ($info as $row){ 
  echo "<div class='row'>";
  $i=$row->id;
  echo "<div class='firstc'>".$row->id ."</div>";

  echo "<div class='secondc'>".$row->name ."</div>";

  echo  '<input type="hidden" name="training_evaluation_entry_id'.$i.'" value='.$i.'>';
            //some codes
<input id="submit" type="submit" value="Submit" name="Submit">

  </form> 

控制器:

    public function evluation_questions_value_entry() {
    $this->load->helper('url');
    $this->load->helper(array('form', 'url'));
    $this->load->model('TrainingEvaluationModel');
    $trainingEvaluation = $this->TrainingEvaluationModel->evluation_questions_value_entry();
}

该模型:

$this->ip_address = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] . '||' . $_SERVER['REMOTE_ADDR'] : $_SERVER['REMOTE_ADDR'];        
$this->created_on = date('Y-m-d H:i:s');
$this->created_by = 101;
$this->updated_on = null;
$this->updated_by = 0;


for ($i = 1; $i <= 13; $i++) {

    $this->training_evaluation_entry_id = $_POST['training_evaluation_entry_id'.$i];
    $this->value = $this->db->escape($_POST['group'.$i]);


    $query = "INSERT INTO training_evaluation_info(training_evaluation_entry_id,value,ip_address,created_by) 
    VALUES($this->training_evaluation_entry_id,$this->value,'$this->ip_address',$this->created_by)";
    if ($this->db->affected_rows()>0)
{
    return TRUE;
}
return FALSE;    

}

它没有给出任何错误并且数据数组被正确传递给模型但是为什么它没有被插入到数据库中?

4

1 回答 1

2

您的引用在不转义所有字段的情况下看起来很危险(我建议您了解参数化查询),在这种情况下,您只需设置$query;

$query = "INSERT INTO training_evaluation_info(training_evaluation_entry_id,value,ip_address,created_by) 
VALUES($this->training_evaluation_entry_id,$this->value,'$this->ip_address',$this->created_by)";

...但从未真正执行过它。

您需要添加一个;

$this->db->query($query);
于 2013-07-21T16:00:38.953 回答