I want to INSERT a set of data submitted by $_POST (in form of array) as
我想插入$_POST(以数组的形式)提交的一组数据
foreach($_POST['data'] as $single) {
$set[]="('static', '$single')";
}
$sets=implode(", ", $set);
mysql_query("INSERT INTO table (Static, Data) VALUES $sets");
Where is the best place to use use mysql_real_escape_string to avoid SQL injection, as the data are submitted by users.
哪里是使用mysql_real_escape_string以避免SQL注入的最佳位置,因为数据是由用户提交的。
2 个解决方案
#1
7
Before going to your first foreach.
在去你的第一个之前。
$_POST['data'] = array_map("mysql_real_escape_string", $_POST['data']);
#2
-1
Try with this:
试试这个:
foreach($_POST['data'] as $single)
{
$set[]="('static', mysql_real_escape_string($single))";
}
$sets = implode(", ", $set);
mysql_query("INSERT INTO `table` (`Static`, `Data`) VALUES ".$sets."");
#1
7
Before going to your first foreach.
在去你的第一个之前。
$_POST['data'] = array_map("mysql_real_escape_string", $_POST['data']);
#2
-1
Try with this:
试试这个:
foreach($_POST['data'] as $single)
{
$set[]="('static', mysql_real_escape_string($single))";
}
$sets = implode(", ", $set);
mysql_query("INSERT INTO `table` (`Static`, `Data`) VALUES ".$sets."");