作者:手机用户2602919727 | 来源:互联网 | 2023-05-18 15:20
soihavetablewithfieldslikethis,iwanttobeabletoediteachusernameemailetcifcheckbo
so i have table with fields like this, i want to be able to edit each username/email etc if check box selected.
所以我有这样的字段表,如果选中复选框,我希望能够编辑每个用户名/电子邮件等。
and this is my script, i get array plain text as result from each input, btw Im using query for email only to test first
这是我的脚本,我得到每个输入结果的数组纯文本,顺便说一下我只使用查询电子邮件进行测试
if(isset($_POST['edit']))
{
if(isset($_POST['checkbox'])) {
$id_array = $_POST['checkbox'];
$id_count = count($_POST['checkbox']);
for($i=0; $i <$id_count; $i++) {
$id = $id_array[$i];
$query = ("UPDATE members SET email = '". $_POST['email'] ."' WHERE ID = '". $id ."'");
$result = $conn->query($query);
if($result) {
echo "ok";
}
else {
echo "
Error: " . $conn->error;
}
}
}
}
1 个解决方案
First off, you are vulnerable to sql injection attacks. Enjoy having your server pwn3d.
首先,您很容易受到SQL注入攻击。享受您的服务器pwn3d。
Secondly, you're stuffing your POST array directly into the query, which is incorrect. Since you're using the []
naming hack in the form fields, $_POST['email']
is going to be an ARRAY of values from your form, and you need something more like
其次,您将POST数组直接填充到查询中,这是不正确的。由于你在表单字段中使用[]命名hack,$ _POST ['email']将成为表单中值的ARRAY,你需要更像
.... VALUES ('$_POST[email][$i]', ...)
^^^^
(note the extra array index) to access the individual values in that sub-array.
(注意额外的数组索引)来访问该子数组中的各个值。
Remember, for PHP, using an array in a string context gives you the literal word Array
, and not the array's contents:
请记住,对于PHP,在字符串上下文中使用数组会为您提供文字单词Array,而不是数组的内容:
$foo = array(1,2,3);
echo "$foo"; // outputs 'Array'
echo "$foo[1]"; // outputs '2'