1. 首頁
  2. 問答
  3. 如何建立一個動態的MySQL INSERT語句與PHP

如何建立一個動態的MySQL INSERT語句與PHP

2013-07-31 45 views
2

你好

一個表格中的這一部分是從MySQL表的列名(安裝在計算機上的應用程序名稱),並創建與YES/NO選項或形式輸入類型=「文本」框中的其他權限應用..

我怎樣才能將它裝回使用POST和的mysql_query INSERT INTO一個MySQL表?????
數量列正在發生變化,因爲有另一種形式添加帶/應用程序沒有特權..如何建立一個動態的MySQL INSERT語句與PHP

<tr bgcolor=#ddddff>'; 

//mysql_query for getting columns names 
$result = mysql_query("SHOW COLUMNS FROM employees") or die(mysql_error()); 
while ($row = mysql_fetch_array($result)) 
{ 
    //exclude these columns bcs these are in other part of form 
    if($row[0] == 'id' || $row[0] == 'nameandsurname' || $row[0] == 'department' 
      || $row[0] == 'phone' || $row[0] == 'computer' || $row[0] == 'data') 
     continue; 
    echo '<td bgcolor=#ddddff>'.$row[0].'<br />'; 

    if (stripos($row[0], "privileges") !== false) { 
     echo '<td bgcolor=#ddddff><p><a class=hint href=#> 
      <input type="text" name="'.$row[0].'"> 
      <span>Privileges like "occupation" or "like someone"</span></a></p></td></tr>'; 
    } 
    else 
    { 
     echo '<td bgcolor=#ddddff align=center><select name="'.$row[0].'"> 
      <option value = "No">No 
      <option value = "Yes">Yes 
      </td> 
      </tr>'; 
    } 
} 

trim($_POST); // ???? 

$query = "INSERT INTO 'employees' VALUES (??)"; // ????

來源

2013-07-31 Michal

+0

你在哪裏使用HTML表單標籤?沒有在提交表格後無法創建,如果你想在點擊事件中使用,然後使用AJAX – Vineet1982

回答

4

因爲你不插入所有列,你需要動態地構建將指定列的INSERT語句你正在插入。

首先,創建您要使用的列的數組。使用此既能生成表單和檢索值

$exclude = array("id", "nameandsurname", "departument", "phone", "computer", "date"); 
$result = mysql_query("SHOW COLUMNS FROM employees") or die(mysql_error()); 
$columns = array(); 
while ($row = mysql_fetch_array($result)) { 
    if (!in_array($row[0], $exclude) { 
     $columns[] = $row[0]; 
    } 
}

$columns陣列渲染表單:

foreach ($columns as $column) { 
    echo '<tr><td bgcolor="#ddddff">'.$column.'<br />'; 
    if (stripos($column, "privileges") !== false) { 
     echo '<p><a class="hint" href="#"> 
       <input type="text" name="'.$column.'"> 
       <span>Privileges like "occupation" or "like someone"</span></a>'; 
    } else { 
     echo '<select name="'.$column.'"> 
       <option value = "No">No 
       <option value = "Yes">Yes 
       </select>'; 
    } 
    echo '</td></tr>'; 
}

然後,從這些列中的值發佈動態生成的INSERT字符串。一定要防止SQL注入:

$keys = array(); 
$values = array(); 
foreach ($columns as $column) { 
    $value = trim($_POST[$column]); 
    $value = mysql_real_escape_string($value); 
    $keys[] = "`{$column}`"; 
    $values[] = "'{$value}'"; 
} 
$query = "INSERT INTO 'employees' (" . implode(",", $keys) . ") 
      VALUES (" . implode(",", $values) . ");";

注:這將更好地工作,如果你從INFORMATION_SCHEMA.COLUMNS選擇,這樣你就可以知道你在插入列的類型。這樣,你不必引用所有的東西。

來源

2013-07-31 11:28:48

+1

'mysql_real_escape_string()'存在太:) –

+0

@Jack - 是的,但它需要一個'mysql_connect'ion,和' mysql'庫在PHP的更高版本中被棄用 –

+0

我顯示該行被註釋掉的原因是因爲如果他在沒有活動連接的情況下嘗試我的代碼,那行就會失敗。 –

0 
<html> 
<body> 
<form action="dynamicinsert.php" method="POST" > 
user name:<br> 
<input type="text" id="username" name="username"> 
<br><br> 
first name:<br> 
<input type="text" id="firstname" name="firstname"> 
<br><br> 
password:<br> 
<input type="password" id="password" name="password"> 
<br><br> 
<input type="submit" name="submit" value="add" /> 
</form> 
</body> 
</html> 

<?php 
$servername = "localhost"; 
$username = "your_username"; 
$password = "your_password"; 
$dbname = "you_DB_name"; 
$conn = new mysqli($servername, $username, $password, $dbname); 
if ($conn->connect_error) { 
    die("Connection failed: " . $conn->connect_error); 
} 

function insertqueryfunction($dbfield,$table) { 
    $count = 0; 
    $fields = ''; 

    foreach($dbfield as $col => $val) { 
     if ($count++ != 0) $fields .= ', '; 
     $col = addslashes($col); 
     $val = addslashes($val); 
     $fields .= "`$col` = '$val'"; 
    } 
    $query = "INSERT INTO $table SET $fields;"; 
    return $query; 

} 

if(isset($_POST['submit'])) 
{ 

    // Report all errors 
error_reporting(E_ALL); 

    // Same as error_reporting(E_ALL); 
    ini_set("error_reporting", E_ALL); 
    $username_form = $_POST['username']; 
    $firstname_form = $_POST['firstname']; 
    $password_form = $_POST['password']; 
    $you_table_name = 'you_table_name'; 

    $dbfield = array("username"=>$username_form, "firstname"=>$firstname_form,"password"=>$password_form); 

    $querytest = insertqueryfunction($dbfield,'you_table_name'); 

    if ($conn->query($querytest) === TRUE) { 
    echo "New record created successfully"; 
    } else { 
    echo "Error: " . $sql . "<br>" . $conn->error; 
    } 

    $conn->close(); 

} 
?>

來源

2015-07-02 12:38:46 sam

+0

嗨山姆,歡迎來到SO並感謝您註冊回答這個問題。爲了讓你的答案更好,最好在你的代碼解決OP的問題時加上一些解釋。 – nhee

相關問題

 相關問題