i have this code which add textbox dynamically
row_no=0;
function addRow(tbl,row){
row_no++;
if (row_no<=20){
if (row_no>=10){
var textbox = '';}
if (row_no<10){
var textbox = '';}
var textbox2 = '';
var tbl = document.getElementById(tbl);
var rowIndex = document.getElementById(row).value;
var newRow = tbl.insertRow(row_no);
var newCell = newRow.insertCell(0);
newCell.innerHTML = textbox;
var newCell = newRow.insertCell(1);
newCell.innerHTML = textbox2;
var newCell = newRow.insertCell(2);
}
if (row_no>20){
alert ("Too Many Items. Limit of 20.");
}
Html code is<div style="padding-top:30px;">
<input type="button" name="Button" class="button" value="Add Ingredient" onClick="addRow('table1','row1')" />
<table style="padding-left:160px" w开发者_Python百科idth="600" border="0" cellspacing="0" cellpadding="2" id="table1">
<th><center>Ingredient
<th>amount
</center>
<tr id="row1">
</tr>
</table>
</div>
and the php code to post the data is$ingredient = $_POST['ingredient'];
$amount = $_POST['amount'];
$integer = 0;
$ingredient=mysql_real_escape_string($ingredient);
$amount=mysql_real_escape_string($amount);
while (count($ingredient)>$integer) {
if (($ingredient[$integer] <> "") && ($amount[$integer] <> "")){
$sql = "INSERT INTO cafe
.ingredients
(ingredient_name
, ammount
, rec_id
)
VALUES ('".$ingredient[$integer]."', '".$amount[$integer]."', '$rec_id')" ;
echo "the echo value is".$ingredient[$integer]."and the error is below ";
mysql_query($sql) or die(mysql_error());
}
else{
echo "ingredient number ".($integer+1)." is missing values and cannot be inserted.";
}
$integer = ($integer + 1);
}
My question is when i use escape character i.e (') or (") and post the data in php script its ok but when i insert this data to mysql then it will give me errorWarning: mysql_real_escape_string() expects parameter 1 to be string, array given in /var/www/book/books.php on line 123
I think the error message state it, mysql_escape_string expect the first parameters to be a string not an array.
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /var/www/book/books.php on line 123
you can use array_map
if you want to escape an whole array,you should do:
$ingredient = $_POST['ingredient'];
$amount = $_POST['amount'];
$integer = 0;
$ingredient = array_map('mysql_real_escape_string', $ingredient);
$amount = array_map('mysql_real_escape_string', $amount);
while (count($ingredient)>$integer) {
if (($ingredient[$integer] <> "") && ($amount[$integer] <> "")){
$sql = "INSERT INTO cafe.ingredients (ingredient_name, ammount, rec_id)
VALUES ('".$ingredient[$integer]."', '".$amount[$integer]."', $rec_id)" ;
echo "the echo value is".$ingredient[$integer]."and the error is below
";
mysql_query($sql) or die(mysql_error());
}
else{
echo "ingredient number ".($integer+1)." is missing values and cannot be inserted.";
}
$integer = ($integer + 1);
}
$amount is an array. mysql_real_escape_string expects a string and not an array, that's why you get the error message. You probably need to traverse the $amount array and call mysql_real_escape_string for each member of the array.
精彩评论