4

你好

,这部分表单显示了 mysql 表中的列名(安装在计算机上的应用程序的名称),并创建了一个带有 YES/NO 选项或输入 type="text" 框的表单以获得应用程序的额外权限。

我怎么能使用 POST 和 mysql_query INSERT INTO 将其插入到 mysql 表中??????
列的数量正在发生变化,因为有另一种形式可以添加具有/不具有特权的应用程序。

<tr bgcolor=#ddddff>';

//mysql_query for getting columns names
$result = mysql_query("SHOW COLUMNS FROM employees") or   die(mysql_error());   
while ($row = mysql_fetch_array($result))
{
    //exclude these columns bcs these are in other part of form
    if($row[0] == 'id' || $row[0] == 'nameandsurname' || $row[0] == 'department' 
            || $row[0] == 'phone' || $row[0] == 'computer'  || $row[0] == 'data') 
        continue;
    echo '<td bgcolor=#ddddff>'.$row[0].'<br />';

    if (stripos($row[0], "privileges") !== false) {
        echo '<td bgcolor=#ddddff><p><a class=hint href=#>
            <input type="text" name="'.$row[0].'">
            <span>Privileges like "occupation" or "like  someone"</span></a></p></td></tr>';
    }
    else
    {
        echo '<td bgcolor=#ddddff align=center><select name="'.$row[0].'">
            <option value = "No">No
            <option value = "Yes">Yes
            </td>
            </tr>';
    }
}

trim($_POST); // ????

$query = "INSERT INTO 'employees' VALUES (??)";  // ????
4

2 回答 2

6

因为您没有插入所有列,所以您需要动态构建一个插入语句,该语句将指定您要插入的列。

首先,创建要使用的列的数组。使用它来生成表单和检索值

$exclude = array("id", "nameandsurname", "departument", "phone", "computer", "date");
$result = mysql_query("SHOW COLUMNS FROM employees") or   die(mysql_error());
$columns = array();
while ($row = mysql_fetch_array($result)) {
    if (!in_array($row[0], $exclude) {
        $columns[] = $row[0];
    }
}

$columns数组中呈现您的表单:

foreach ($columns as $column) {
    echo '<tr><td bgcolor="#ddddff">'.$column.'<br />';
    if (stripos($column, "privileges") !== false) {
        echo '<p><a class="hint" href="#">
                <input type="text" name="'.$column.'">
                <span>Privileges like "occupation" or "like  someone"</span></a>';
    } else {
        echo '<select name="'.$column.'">
                <option value = "No">No
                <option value = "Yes">Yes
              </select>';
    }
    echo '</td></tr>';
}

然后,从这些列的发布值动态构建您的 INSERT 字符串。一定要防止 SQL 注入:

$keys = array();
$values = array();
foreach ($columns as $column) {
    $value = trim($_POST[$column]);
    $value = mysql_real_escape_string($value);
    $keys[] = "`{$column}`";
    $values[] = "'{$value}'";
}
$query = "INSERT INTO 'employees' (" . implode(",", $keys) . ") 
          VALUES (" . implode(",", $values) . ");";

注意:如果您从中选择,这将更好地工作,INFORMATION_SCHEMA.COLUMNS这样您就可以知道您要插入的列的类型。这样,您就不必引用所有内容。

于 2013-07-31T11:28:48.697 回答
0 
<html>
<body>
<form action="dynamicinsert.php" method="POST" >
user name:<br>
<input type="text" id="username" name="username">
<br><br>
first name:<br>
<input type="text" id="firstname" name="firstname">
<br><br>
password:<br>
<input type="password" id="password" name="password">
<br><br>
<input type="submit" name="submit" value="add" />
</form>
</body>
</html>

<?php
$servername = "localhost";
$username = "your_username";
$password = "your_password";
$dbname = "you_DB_name";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

function insertqueryfunction($dbfield,$table) {
   $count = 0;
   $fields = '';

   foreach($dbfield as $col => $val) {
      if ($count++ != 0) $fields .= ', ';
      $col = addslashes($col);
      $val = addslashes($val);
      $fields .= "`$col` = '$val'";
   }
   $query = "INSERT INTO $table SET $fields;";
   return $query;

} 

if(isset($_POST['submit']))
{

    // Report all errors
error_reporting(E_ALL);

    // Same as error_reporting(E_ALL);
     ini_set("error_reporting", E_ALL);
     $username_form = $_POST['username'];
     $firstname_form = $_POST['firstname'];
     $password_form = $_POST['password'];
     $you_table_name = 'you_table_name';

     $dbfield = array("username"=>$username_form, "firstname"=>$firstname_form,"password"=>$password_form);

     $querytest =  insertqueryfunction($dbfield,'you_table_name');

     if ($conn->query($querytest) === TRUE) {
    echo "New record created successfully";
    } else {
    echo "Error: " . $sql . "<br>" . $conn->error;
    }

    $conn->close();

}  
?>
于 2015-07-02T12:38:46.827 回答