我正在构建一个内容管理系统,其中有一个包含大量数据的表单需要添加到我的数据库中。这是我收集变量的地方...
最后,该函数...
$orgName = $_POST['orgName'];
$impact = $_POST['impact'];
$headline = $_POST['headline'];
$content = $_POST['content'];
$subContent = $_POST['subContent'];
$meterText = $_POST['meterText'];
$month = $_POST['month'];
$shopLink = $_POST['shopLink'];
$blurbTitle = $_POST['blurbTitle'];
$blurb = $_POST['blurb'];
$logoURL = $_POST['logoURL'];
$buttonURL = $_POST['buttonURL'];
$blurbURL = $_POST['blurbURL'];
$POMURL = $_POST['POMURL'];
$horizontalURL = $_POST['horizontalURL'];
$statURL = $_POST['statURL'];
$stats = $_POST['stats'];
我在这里使用 SQL 转义、验证并发送到我的函数(略去了空间的验证)...
require_once 'DB_Connect.php';
$connection = new DB_Connect();
$connection->insertPartner(
$index,
mysql_real_escape_string($orgName),
mysql_real_escape_string($impact),
mysql_real_escape_string($headline),
mysql_real_escape_string($content),
mysql_real_escape_string($subContent),
$month,
mysql_real_escape_string($shopLink),
mysql_real_escape_string($blurbTitle),
mysql_real_escape_string($meterText),
mysql_real_escape_string($blurb),
mysql_real_escape_string($stats),
mysql_real_escape_string($logoURL),
mysql_real_escape_string($buttonURL),
mysql_real_escape_string($blurbURL),
mysql_real_escape_string($POMURL),
mysql_real_escape_string($horizontalURL),
mysql_real_escape_string($statURL)
))
最后,该函数...
public function insertPartner(
$orgName = '',
$impact = '',
$headline = '',
$content = '',
$subContent = '',
$month = '',
$shopLink = '',
$blurbTitle = '',
$blurb = '',
$stats = '',
$logoURL = '',
$buttonURL = '',
$blurbURL = '',
$POMURL = '',
$horizontalURL = '',
$statURL = '')
{
$query="INSERT INTO `hupcap_FCE`.`fce_partners` (
`index`,
`organization_name`,
`impact`,
`headline`,
`content`,
`sub_content`,
`blurb_title`,
`blurb`,
`stats`,
`month`,
`meter_number`,
`meter_text`,
`shop_link`,
`button_img_url`,
`blurb_img_url`,
`logo_url`,
`month_img_url`,
`horizontal_logo_url`,
`stat_img_url`,
`util`
) VALUES (
'',
'$orgName',
'$impact',
'$headline',
'$content',
'$subContent',
'$blurbTitle',
'$blurb',
'$stats',
'$month',
0,
'',
'$shopLink',
'$buttonURL',
'$blurbURL',
'$logoURL',
'$POMURL',
'$horizontalURL',
'$statURL',
0)";
if(mysql_query($query)){
return true;
}else{
die("failed to insert record" . mysql_error());
}
}
肯定有更加高效的方法来完成这个任务。 谁有最好的方法呢?
谢谢 -J