addslashes函数:数据库安全考虑。注意:addslashes 按字节转义、不感知连接字符集,不能替代参数化查询(预处理语句);拼接进 SQL 的每一个值都必须经过处理。
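/**
 * Insert one notice row per receiver using a single multi-row INSERT.
 *
 * Every value placed inside the statement is passed through addslashes(),
 * including receiver_id and notice_type, which were previously concatenated
 * as-is.
 *
 * SECURITY: addslashes() escapes byte-wise and does not know the connection
 * character set, so it is a stop-gap rather than a complete defence. Bound
 * parameters / prepared statements should replace this string building.
 * NOTE(review): the database layer's binding API is not visible here;
 * confirm what it offers before migrating.
 *
 * @param mixed $ids        Iterable of rows; each row is read at key "user_id".
 * @param mixed $title      Notice title, stored in `title`.
 * @param mixed $content    Notice body, stored in `content`.
 * @param mixed $noticeType Value stored in `notice_type`.
 *
 * @return mixed Whatever self::execute() returns for the statement, or false
 *               when $ids yields no rows.
 */
public function batchAdd($ids,$title,$content,$noticeType)
{
    // Values shared by every row are escaped once, outside the loop.
    $safeTitle   = addslashes($title);
    $safeContent = addslashes($content);
    $safeType    = addslashes((string) $noticeType);
    // One timestamp for the whole batch so all rows agree on add_time.
    $addTime     = time();

    $tuples = array();
    foreach ($ids as $val) {
        // receiver_id comes from caller-supplied data, so escape it like the
        // other string values instead of concatenating it raw.
        $receiverId = addslashes((string) $val["user_id"]);

        $tuples[] = '("' . $safeTitle . '"'
            . ',"' . $safeContent . '"'
            . ',"' . $addTime . '"'
            . ',"' . $receiverId . '"'
            . ',"' . $safeType . '"'
            . ')';
    }

    if (count($tuples) === 0) {
        // Nothing to insert: do not send a statement with an empty VALUES list.
        // NOTE(review): false presumably matches what execute() reports for a
        // failed statement, which is what the empty case produced before; confirm.
        return false;
    }

    $sql = 'insert into ' . C('DB_PREFIX') . 'notice (`title`, `content`, `add_time`, `receiver_id`, `notice_type`) values ' . implode(',', $tuples);
    return self::execute($sql);
}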