PHP将数组插入MySQL数据库从复选框获取数据

Question

HTML 输入

<input type="checkbox" value="1" name="que[10][1]">
<input type="checkbox" value="2" name="que[10][2]">
<input type="checkbox" value="3" name="que[10][3]">
...
<input type="checkbox" value="40" name="que[10][40]">

PHP 提交

$submit = $_POST["que"];

我想在我的数据库中存储以下数组：

Array
(
    [10] => Array
        (
            [0] => 26
            [1] => 27
            [2] => 28
            [3] => 29
            [4] => 30
            [5] => 31
        )

)

如何转换为插入语句输出如下：

INSERT INTO `tb_answers` (`question_id`, `answer`) VALUES(10,26),(10,27),(10,28),(10,29),(10,30);

这是我的代码：

$submit = $_POST['que'];

$all_values = [];

$sql_submit_form = "INSERT INTO `tb_answers` (`question_id`, `answer`) VALUES";

foreach ($submit as $question_id => $choise) {
   
    $row_values = [];
    foreach ($choise as $choise_data => $s_value) { 
        $row_values[] = "'" . $question_id . "'"; // question_id
        $row_values[] = "'" . $s_value . "'"; // answer

    }
    $all_values[] = '(' . implode(',', $row_values) . ')';
}
$sql_submit_form .= implode(',', $all_values);

echo $sql_submit_form;

输出：

INSERT INTO `tb_answers` (`question_id`, `answer`) VALUES('10','27','10','28','10','29','10','30','10','31','10','32')

Answer 1

如前所述，您构建了错误的 SQL 查询。 SQL Injection 是个东西，需要用'?'如果您打算在生产环境中使用它，请使用占位符。 你想要的输出可以这样生成：

$row_values = [];
foreach ($submit as $question_id => $choise) {
    foreach ($choise as $choise_data => $s_value) {
        $row_values[] = "(". $question_id .",".$s_value . ")";
    }
}
$sql_submit_form .= implode(',', $row_values);

Answer 2

你只需要清理你已经拥有的东西。也无需将原始数据注入您的 SQL 代码，这只会使代码更难维护（除了不安全）：

$params = $clauses = [];
foreach ($submit as $question_id => $choices) {
    foreach ($choices as $choice_id) {
        $clauses[] = '(?, ?)';
        $params[] = $question_id;
        $params[] = $choice_id;
    }
}
$sql = 'INSERT INTO `tb_answers` (`question_id`, `answer`) VALUES ' . implode(', ', $clauses);

然后将$params 输入到准备好的语句中，您就完成了。