diff --git a/batch_insert.php b/batch_insert.php
index 20867af..afad832 100644
--- a/batch_insert.php
+++ b/batch_insert.php
@@ -19,7 +19,7 @@ if (!$conn) {
}
//获得用户名数据
-$source = $_POST['users'];
+$source = mysqli_real_escape_string($conn,$_POST['users']);
//如有多个空格,删除剩一个空格
$source1 = preg_replace('/\s\s+/', ' ', $source);
@@ -31,13 +31,12 @@ $source2 = trim($source1);
//根据空格拆分
$user = explode(' ', $source2);
-
//插入数据
for($index=0; $index < count($user); $index++) {
$result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'");
if (mysqli_num_rows($result) < 1) {
if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) {
- echo "SQL Error: " . $sql_stmt . "
" . mysqli_error($conn);
+ echo "SQL Error: " . $sql_stmt . "
" .htmlspecialchars(mysqli_error($conn));
} else {
echo "Student number $user[$index] added.
";
}