php - Multiple SQL insertions in one query -
hi all, i'm concerned, have array coming in server. array translated variables. such as:
$fpage = $_session['scores']; $score1 = $fpage['0']; $score2 - $fpage['1']; //start of queries // do, not working: $sql ="insert score (scoreid,responseid,assessorid,criteriaid,score,studentid)" . "values ('$rand','$rand2','$adminname','1-22','$score1', '$student')"; $new = mysql_query($sql, $db); $sql2 ="insert score (scoreid,responseid,assessorid,criteriaid,score,studentid)" . "values ('$rand','$rand2','$adminname','1-21','$score2', '$student')"; $new1 = mysql_query($sql3, $db); $sql3 ="insert score (scoreid,responseid,assessorid,criteriaid,score,studentid)" . "values ('$rand','$rand2','$adminname','1-21','$score3', '$student')"; $new2 = mysql_query($sql3, $db); my question is, best way of doing this. have tried loop queries, not work. best way accomplish this?
well, there typo in middle call mysql_query -- passed in $sql3 instead of $sql2.
also, can this:
insert score (scoreid, responseid, assessorid, criteriaid, score, studentid) values (score1, response1, assessor1, criteria1, etc.), (score2, response2, assessor2, criteria2, etc.), (score3, response3, assessor3, criteria3, etc.), etc. which hit database once inserts instead of once per insert.
finally, code appears vulnerable sql injection.
Comments
Post a Comment