用php插入mysql数据库
[英]Inserting into mysql database with php
问题描述
I imagine this is a simple issue, I simply cannot find out where or why. 
我想这是一个简单的问题,我根本无法找出原因或原因。 (hope this isn't a duplicate).. (希望这不是重复的。)
My intent is to grab the info from an input and from a textarea and insert it into my database into the proper table that already exists "journals". 我的目的是从输入和文本区域中获取信息,并将其插入数据库中适当的表中,该表已经存在。 However after hitting submit and without receiving any errors there is nothing added to the database... thoughts? 但是,在单击提交并且没有收到任何错误之后,没有任何内容添加到数据库中。
here is my "view" (post.php): 这是我的“视图”(post.php):
<fieldset>
<form method="post" action="push.php">
<input type="text" name="datetitle" /><br />
<textarea name="journalcontent"></textarea><br />
<input type="submit" />
</form>
<?php echo $datetitle ?>
<p><?php $output ?></p>
</fieldset>
here is my "index" (push.php) with obvious parts omitted: 这是我的“索引”(push.php),其中省略了明显的部分:
<?php
$dsn = '*';
$username = '*';
$password = '*';
include "model.php";
try {
$db = new PDO($dsn, $username, $password);
} catch (PDOException $exc) {
echo 'connection failed';
exit;
}
echo 'goodzo';
$datetitle = $_POST['datetitle'];
$journalcontent = $_POST['journalcontent'];
if (!empty($datetitle)) {
$output = add_entry($datetitle, $journalcontent);
} else {
$output = "empty";
}
include "post.php";
?>
and lastly my model.php: 最后是我的model.php:
<?php
function add_entry($datetitle, $journalcontent) {
global $db;
$query = 'INSERT INTO journals
(entry_date, contents)
VALUES
($datetitle, $journalcontent)';
try {
$statement = $db->prepare($query);
$statement->execute();
$statement->closeCursor();
} catch (PDOException $e) {
$error_message = $e->getMessage();
display_db_error($error_message);
}
}
?>
2 个解决方案
解决方案1
5 已采纳 2013-07-06 23:25:25
When you use a single quote, it doesn't expand the variables in the string. 当您使用单引号时,它不会扩展字符串中的变量。 Also, your parameters need to be in quotes if they're not integers. 另外,如果参数不是整数,则必须用引号引起来。 So the query assignment should look like this: 因此,查询分配应如下所示:
$query = "INSERT INTO journals
(entry_date, contents)
VALUES
('$datetitle', '$journalcontent')";
That said, you should really be using bind parameters to pass the values to the query. 也就是说,您确实应该使用绑定参数将值传递给查询。 Something like this: 像这样:
$query = 'INSERT INTO journals
(entry_date, contents)
VALUES
(?, ?)';
$statement = $db->prepare($query);
$statement->bindParam(0, $datetitle, PDO::PARAM_STR);
$statement->bindParam(1, $journalcontent, PDO::PARAM_STR);
$statement->execute();
解决方案2
0 2013-07-06 23:28:39
You should turn PDO's error reporting on first of all; 首先,您应该打开PDO的错误报告; I would use 我会用
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
Unless $datetitle and $journalcontent are both integers, the query will fail due to an SQL syntax error and a lack of string quoting. 除非$datetitle和$journalcontent都是整数,否则查询将由于SQL语法错误和缺少字符串引用而失败。 You should parameterize the query to avoid this problem as well as possible injection. 您应该对查询参数化,以避免出现此问题以及可能的注入。
$query = <<<SQL
INSERT INTO journals
(entry_date, contents)
VALUES
(?, ?)
SQL;
$statement = $db->prepare($query);
$statement->execute(array($datetitle, $journalcontent));
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.