2012-11-01 103 views
0

Array and store return: I want to store a PHP array as JSON in MySQL. For this I have a meeting_point_json column, type = 'longtext'. PHP json_encode in MySQL

Here is the array:

Array 
(
    [1] => Array 
     (
      [date] => 23/4/2012 
      [meeting_time] => 23:04 
      [meeting_place] => town hall 
      [venue] => London 
      [opponents] => Tigers 
      [official_incharge] => Mr Putin 
     ) 

    [2] => Array 
     (
      [date] => 23/4/2050 
      [meeting_time] => 13:04 
      [meeting_place] => chief office 
      [venue] => Kenya 
      [opponents] => Peococks 
      [official_incharge] => Mr Black 
     ) 

    [3] => Array 
     (
      [date] => dsad 
      [meeting_time] => sadas 
      [meeting_place] => jjjjj 
      [venue] => jjjj 
      [opponents] => dasds 
      [official_incharge] => asad 
     ) 

) 

Here is the PHP code:

$data = json_encode($_POST['team_meeting_pt']); 
    $sql = "UPDATE yami_sub_team set meeting_point_json = $data where id = $subteam_id"; 
    if(mysql_query($sql)){ 
     exit("Done!"); 
    }else{ 
     die('Something went wrong, changes not saved. Error details: ' . mysql_error()); 
    } 

It should work, but instead I get an error:

Something went wrong, changes not saved. Error details: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"1":{"date":"23\/4\/2012","meeting_time":"23:04","meeting_place":"town hall","ve' at line 1 

Any idea what I am doing wrong here?

+0

What is the full value of $data? –

+0

What if $_POST['team_meeting_pt'] is empty or, worse, NOT SET? – Svetoslav

+0

@Svetlio Or even worse, trying to hack his database? :) –

Answers

0

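See: with ".$data." $subteam_id ".$subteam_id."

Remember that a SQL query is only sent as a string, not with variables in it... and that changes the way you write the PHP $data variable. Always wrap variables with ".." and '..'

Whether to use ".." or '..' depends on your wrapping. For example:
If it is like this: $string = mysql_query("SELECT DATA FROM ".$variable.""); then you have to use the ".." wrapper!
If it is like this: $string = mysql_query('SELECT DATA FROM '.$variable.''); then you have to use the '..' wrapper!

Good luck, friend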

0

Try this line instead of yours:

$sql = "UPDATE yami_sub_team SET `meeting_point_json`='".$data."' WHERE `id`='".$subteam_id."';";

+1

Still prone to SQL injection. Use 'mysql_real_escape_string', or rather, don't use the deprecated mysql_* functions, and go for PDO with prepared statements. –

0

$data = "'" . mysql_escape_string(json_encode($_POST['team_meeting_pt'])) . "'";

Change line 1

0

First, I would use a prepared statement, and bind the result to it to avoid all the hardships.

$conn = new mysqli($servername, $username, $password, $dbname);
//replaced $data with ? for security reasons
$sql = "UPDATE yami_sub_team set meeting_point_json = ? where id = $subteam_id";
$stmt = $conn->prepare($sql);
//binds data to the ?
// the 's' states string is replacing ?
$stmt->bind_param('s', $data);
if ($stmt->execute()) {
    exit("Done!");
} else {
    die('Something went wrong....');
}
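
The approach the answers and comments converge on (check the input, then a prepared statement with both the JSON and the id bound), written out as an added example that is not code from any of the posts. It uses PDO with an in-memory SQLite database as a stand-in for MySQL so it runs offline; the function name saveMeetingPoints and the sample data are assumptions.

```php
<?php
declare(strict_types=1);

// Stores $meetingPoints as JSON in yami_sub_team.meeting_point_json using bound
// parameters, so quotes inside the JSON never become part of the SQL text.
// saveMeetingPoints is a hypothetical helper name, not from the original posts.
function saveMeetingPoints(PDO $pdo, $subteamId, $meetingPoints): int
{
    // Reject a missing or non-array payload (the "empty or NOT SET" case).
    if (!is_array($meetingPoints) || $meetingPoints === []) {
        throw new InvalidArgumentException('team_meeting_pt must be a non-empty array');
    }
    // The id must be a positive integer, not arbitrary request text.
    $id = filter_var($subteamId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid sub-team id');
    }
    // JSON_THROW_ON_ERROR (PHP 7.3+) turns encoding failures into exceptions.
    $json = json_encode($meetingPoints, JSON_THROW_ON_ERROR);

    $stmt = $pdo->prepare(
        'UPDATE yami_sub_team SET meeting_point_json = :json WHERE id = :id'
    );
    $stmt->bindValue(':json', $json, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo setup: SQLite in memory stands in for the MySQL table.
// For MySQL only the DSN and credentials passed to new PDO() change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE yami_sub_team (id INTEGER PRIMARY KEY, meeting_point_json TEXT)');
$pdo->exec('INSERT INTO yami_sub_team (id) VALUES (7)');

// Constructed stand-in for $_POST['team_meeting_pt']; one value has an apostrophe.
$post = [1 => [
    'date' => '23/4/2012',
    'meeting_time' => '23:04',
    'meeting_place' => "O'Neill's town hall",
    'venue' => 'London',
]];

$rows = saveMeetingPoints($pdo, '7', $post);
$stored = $pdo->query('SELECT meeting_point_json FROM yami_sub_team WHERE id = 7')->fetchColumn();
// Both checks hold when the row was updated and the JSON round-trips unchanged.
var_dump($rows === 1, json_decode($stored, true) === $post);
```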