[英]SQL syntax error when value is entered for parameter
I have this line of code to enter data into a database using binding: 我有以下代码行可以使用绑定将数据输入数据库:
$mysql = "INSERT INTO Orders (`Name`, `Recipient`, `Destination`, `Room`, `Message`, `Anonymous`, `OffCampus`, `OffCampusAddress`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = mysqli_prepare($con,$mysql);
Oddly enough, this error only occurs when a value for the column Recipient
is entered in the html form. 奇怪的是,仅当以html形式输入“
Recipient
”列的值时,才会发生此错误。 When nothing is entered in the field it works. 如果在该字段中未输入任何内容,它将起作用。 The error is:
错误是:
mysqli error: You have an error in your SQL syntax; mysqli错误:您的SQL语法有错误; check the manual that corresponds to your MySQL server version for the right syntax to use near '0' at line 1
检查与您的MySQL服务器版本相对应的手册,以在第1行的'0'附近使用正确的语法
Could anyone tell me why entering a value for the parameter would cause a MySQL syntax error? 谁能告诉我为什么输入参数值会导致MySQL语法错误? Thanks in advance, and sorry if it's obvious, I'm new to web development.
在此先感谢您,如果很明显,我很抱歉,我是Web开发的新手。
Here is my binding: 这是我的绑定:
mysqli_stmt_bind_param($stmt, 'ssssssss', $name, $recipient, $destination, $room, $message, $anonymous, $offcampus, $offcampusaddress);
I think you should do like this as in my below code. 我认为您应该像下面的代码一样这样做。
$mysqli = new mysqli('localhost', 'root', '', 'DBNAME');
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$stmt = $mysqli->prepare("INSERT INTO Orders (`Name`, `Recipient`, `Destination`, `Room`, `Message`, `Anonymous`, `OffCampus`, `OffCampusAddress`) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
$stmt->bind_param("sssdssss", $Name, $Recipient, $Destination, $Room, $Message, $Anonymous, $OffCampus, $OffCampusAddress);
$Name= 'DEU';
$Recipient= 'Bavarian';
$Destination= "XYZ";
$Room= 15;
$Message= 'May I help you';
$Anonymous= 'i do not know';
$OffCampus= "YY";
$OffCampusAddress= "Known Street";
/* execute prepared statement */
$stmt->execute();
printf("%d Row inserted.\n", $stmt->affected_rows);
/* close statement and connection */
$stmt->close();
In bind parameters (sssdssss) means the the type of parameter as you given as input. 在绑定参数中(sssdsssss)表示您作为输入给出的参数类型。 s for string value, and d for decimal value.
s表示字符串值,d表示十进制值。 I keep sssdssss because, d is decimal ie no: of rooms and this type comes first, if in your db, you keep it varchar so you may convert d to s.
我保留sssdssss的原因是,d为十进制,即no:房间数,并且此类型排在第一位,如果在您的数据库中,将其保留为varchar,则可以将d转换为s。 you have write wrong syntax in you question ie
您在您的问题中写了错误的语法,即
mysqli_stmt_bind_param($stmt, 'ssssssss', $name, $recipient, $destination, $room, $message, $anonymous, $offcampus, $offcampusaddress);
Hope it will help you. 希望对您有帮助。
Thanks 谢谢
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.