本文介绍了无法使用"Insert Into"将文本发布到MySQL.的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用此查询输入信息以进行前端编辑. 2个问题.首先,输入可以很好地用作数字,但不会发布文本.其次,new_type1和new_type2是复选框,不能正确发布.

I am using this query to input info for front end editing. 2 problems. First, input works fine as number, but will not post text. Second, new_type1 and new_type2 are checkboxes and do not post correctly.

$query = "DELETE p.* FROM #__bl_press as p WHERE p.match_id = ".$row->id;
$db->setQuery($query);
$db->query();

if(isset($_POST['new_source']) && count($_POST['new_source'])){
   for ($i=0; $i< count($_POST['new_source']); $i++){
      $new_event1 = $_POST['new_source'][$i];
      $query = "INSERT INTO #__bl_press(n_source, n_title, n_link, match_id, type1, type2) VALUES(".$new_event1.",".$_POST['new_title'][$i].",".$_POST['new_link'][$i].",".$row->id.",".intval($_POST['new_type1'][$i]).",".intval($_POST['new_type2'][$i]).")";
      $db->setQuery($query);
      $db->query();
   }
}

推荐答案

您需要在字符串值两边加上引号:

You need quotes round the string values:

$query = "INSERT INTO #__bl_press(n_source,n_title,n_link,match_id,type1,type2)".
         "VALUES('".$new_event1."','".$_POST['new_title'][$i]."','" . // etc
//               ^               ^ ^                           ^ ^

此外,您还应该使用 mysql_real_escape_string 或参数化查询,以避免在发布的数据包含诸如引号或反斜杠之类的字符时出现SQL注入漏洞和运行时错误.另请参阅此问题以获取更多信息:

Also you should use mysql_real_escape_string or parameterized queries to avoid SQL injection vulnerabilities and runtime errors when the posted data contains characters such as quotes or backslashes. See also this question for more information:

这篇关于无法使用"Insert Into"将文本发布到MySQL.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-30 04:56