$query = sprintf("INSERT INTO dat(empid,empname,reason,date)VALUES\n%s",
implode(",\n", $values));
$query1= real_escape_string($query);
Please help me with the original code. I can't insert characters. Inserting between two dates using an array.
First, always make sure your data is safe.
$emp_id_safe = filter_var($_POST['emp_id'], FILTER_SANITIZE_NUMBER_INT);
$emp_name_safe = filter_var($_POST['emp_name'], FILTER_SANITIZE_STRING);
$reason_safe = filter_var($_POST['reason'], FILTER_SANITIZE_STRING);
$end_date_safe = filter_var($_POST['to_date'], FILTER_SANITIZE_STRING);
Second, the PHP MySQL extension is deprecated and will be removed in the future. Replace it with mysqli.
if ($emp_id_safe == FALSE || $emp_name_safe == FALSE ||
$reason_safe == FALSE || $end_date_safe == FALSE) {
die('Filter failure');
} else {
$stmt = $mysqli->prepare("INSERT INTO date(empid, empname, reason, date) VALUES (?, ?, ?, ?)");
$stmt->bind_param("ssss", $emp_id_safe, $emp_name_safe, $reason_safe, $end_date_safe);
$stmt->execute();
}
@anna Unknown column 'shyam' in 'field list'. (Can't give characters to empid.) – shyam
<?php include("connect.php"); $start_date = $_POST['from_date']; $end_date = $_POST['to_date']; $reason = $_POST['reason']; $emp_id = $_POST['emp_id']; $emp_name = $_POST['emp_name']; $startTime = strtotime($start_date); $endTime = strtotime($end_date); $values = array(); for ($time = $startTime; $time <= $endTime; $time = strtotime('+1 day', $time)) { $thisDate = date('Y-m-d', $time); $values[] = "($emp_id, $emp_name, $reason, '$thisDate')"; } $query = sprintf("INSERT INTO date(empid, empname, reason, date) VALUES(%s)", implode(",", $values)); mysql_query($query) or die(mysql_error()) ?> – shyam
What is the value of the $values variable? – Archana
Using prepared statements is strongly recommended. You can also try this: http://stackoverflow.com/questions/920353/can-i-bind-an-array-to-an-in-condition#920523 – stack
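@archana: If I give INT to empid, empname, I can insert the reason and date into the database. If I use characters for empid, it shows an error like "Unknown column 'shyam' in 'field list'". – shyam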
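The prepared-statement approach from the answer above, extended to the question's date range, as an added example that is not code from any poster in this thread: the statement is prepared once and executed once per day, so a name such as 'shyam' is sent as a bound value and never parsed as SQL. The helper names, the 366-day limit and the `$mysqli` connection are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes the table and columns from
// the answer above: `date`(empid, empname, reason, `date`).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Accept only a real calendar date in YYYY-MM-DD form ("2024-02-30" is rejected).
function parseDay(string $s): DateTimeImmutable
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $s);
    if ($d === false || $d->format('Y-m-d') !== $s) {
        throw new InvalidArgumentException('Date must be a valid YYYY-MM-DD value');
    }
    return $d;
}
// Hypothetical helper: inserts one row per day in [$from, $to], returns the row count.
function insertDateRange(mysqli $db, string $empId, string $empName,
                         string $reason, string $from, string $to): int
{
    $start = parseDay($from);
    $end   = parseDay($to);
    // Assumed limit of 366 days, so a request cannot trigger an unbounded loop.
    if ($end < $start || $start->diff($end)->days > 366) {
        throw new InvalidArgumentException('Date range is reversed or too long');
    }
    $stmt = $db->prepare(
        'INSERT INTO `date` (empid, empname, reason, `date`) VALUES (?, ?, ?, ?)'
    );
    $day = '';
    // bind_param binds by reference: updating $day changes the next execute().
    $stmt->bind_param('ssss', $empId, $empName, $reason, $day);
    $db->begin_transaction();
    try {
        $rows = 0;
        for ($d = $start; $d <= $end; $d = $d->modify('+1 day')) {
            $day = $d->format('Y-m-d');
            $stmt->execute();
            $rows++;
        }
        $db->commit(); // all days stored, or none (transactional engine, e.g. InnoDB)
    } catch (Throwable $e) {
        $db->rollback();
        throw $e;
    }
    return $rows;
}
// Usage, with $mysqli an open connection (assumed to come from connect.php):
// insertDateRange($mysqli, $_POST['emp_id'], $_POST['emp_name'],
//                 $_POST['reason'], $_POST['from_date'], $_POST['to_date']);
```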