[英]PHP: PDO MySQL error
I don't really know MySQL but I try.我真的不知道 MySQL,但我尝试。
I have this script in PHP我在 PHP 中有这个脚本
$sql = $DB->prepare("INSERT INTO `users`(`id`, `firstname`, `lastname`, `email`, `password`) VALUES ($this->firstname, $this->lastname, $this->email, $this->password))");
and when I use当我使用
print_r($sql->errorInfo());
It is giving me this error它给了我这个错误
Warning: PDOStatement::execute(): SQLSTATE[HY093]: Invalid parameter number: no parameters were bound in C:\\Bitnami\\wampstack-5.5.27-0\\apache2\\htdocs\\OOPLogin\\register.php on line 115 Array ( [0] => HY093 [1] => [2] => )
警告:PDOStatement::execute(): SQLSTATE[HY093]: 无效的参数号:没有参数被绑定在 C:\\Bitnami\\wampstack-5.5.27-0\\apache2\\htdocs\\OOPLogin\\register.php on line 115 Array ( [0] => HY093 [1] => [2] => )
If anyone could help me, I would appreciate it very much.如果有人能帮助我,我将不胜感激。
Thank you.谢谢你。
EDIT: I changed it to编辑:我把它改成
$sql = $DB->prepare("INSERT INTO `users`(`firstname`, `lastname`, `email`, `password`) VALUES ($this->firstname, $this->lastname, $this->email, $this->password))");
And now it's giving me现在它给了我
Array ( [0] => 42000 [1] => 1064 [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com, ff0b80f26259f9c0178aeed5198bac48))' at line 1 )
Array ( [0] => 42000 [1] => 1064 [2] => 您的 SQL 语法有错误;请检查与您的 MySQL 服务器版本相对应的手册,以获取在 '@gmail.com 附近使用的正确语法, ff0b80f26259f9c0178aeed5198bac48))' 在第 1 行)
Assuming your using PDO, you need to bind parameters with a prepared statement.假设您使用 PDO,您需要使用准备好的语句绑定参数。
Here's an example, using the PDO::prepare
documentation for reference:这是一个示例,使用
PDO::prepare
文档作为参考:
$statement = $DB->prepare("INSERT INTO `table` (`id`) VALUES (?)");
$statement->execute(array($user_id));
Additional example using mysqli
as an alternative...使用
mysqli
作为替代的其他示例...
$statement = $DB->prepare("INSERT INTO `table` (`id`) VALUES (?)");
$statement->bind_param("i", $user_id);
$statement->execute();
You need to bind each of your parameters instead of putting them inline your prepared statement.您需要绑定每个参数,而不是将它们内联准备好的语句。
You are misusing the prepare()
function.您滥用了
prepare()
函数。 When using prepared statements, you are supposed to use either ?
使用准备好的语句时,您应该使用
?
or :name
as placeholders for your values.或
:name
作为您的值的占位符。 This prevents you from constructing a malicious SQL query from user input.这可以防止您从用户输入构建恶意 SQL 查询。
Also, you are listing 5 fields, but only give 4 values.此外,您列出了 5 个字段,但只给出了 4 个值。 If
id
is an AUTO_INCREMENT
field then it can just be omitted from the query.如果
id
是一个AUTO_INCREMENT
字段,那么它可以从查询中省略。
Finally, you had too many )
in your query,最后,您的查询中有太多
)
,
$sql = $DB->prepare("INSERT INTO `users`(`firstname`, `lastname`, `email`, `password`)
VALUES (:firstname, :lastname, :email, :password)");
Now you just pass an array of values to execute()
to bind to the placeholders.现在您只需将一组值传递给
execute()
以绑定到占位符。
$sql->execute(array(
'firstname' => $this->firstname,
'lastname' => $this->lastname,
'email' => $this->email,
'password' => $this->password
));
PS Your original code didn't work because you forgot to put quotes around your strings. PS 您的原始代码不起作用,因为您忘记在字符串周围加上引号。
INSERT INTO `users` (`email`) VALUE ('test@example.com');
Your ID-column does not have a corresponding value to insert, if that column is auto-incrementint you can skip it, like so:您的 ID-column 没有相应的值可以插入,如果该列是 auto-incrementint,您可以跳过它,如下所示:
$sql = $DB->prepare("INSERT INTO `users`(`firstname`, `lastname`, `email`, `password`) VALUES ($this->firstname, $this->lastname, $this->email, $this->password))");
you need as many values to insert, as you have columns您需要插入的值与列数一样多
An Insert query need to have the same parameters in table fields and values in the same order.插入查询需要在表字段和值中以相同的顺序具有相同的参数。
So, if you have id
, firstname
, lastname
, email
, password
you need to have idValue
, firstnameValue
, lastnameValue
, emailValue
, passwordValue
所以,如果你有
id
, firstname
, lastname
, email
, password
你需要有idValue
, firstnameValue
, lastnameValue
, emailValue
, passwordValue
A good way to try if query is well formed is do an echo $sql
or a var_dump($sql)
and paste the result on a sql ID query like Mysql Workbench or HeidiSql尝试查询是否格式良好的一个好方法是执行
echo $sql
或var_dump($sql)
并将结果粘贴到诸如 Mysql Workbench 或 HeidiSql 之类的 sql ID 查询上
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.