使用PDO和BindParameters将数据从表单插入MYSQL
[英]Inserting data from a form to MYSQL using PDO and BindParameters
问题描述
I am trying to insert data from a form to MYSQL database using PDO and bind parameters. 
我正在尝试使用PDO和绑定参数将数据从表单插入MYSQL数据库。 I first attempted the insertion without PDO and bindParam and the data was successfully taken from the form and inserted into the database but that basic method was open to SQL injection. 我首先尝试在没有PDO和bindParam的情况下进行插入,并且数据已成功从表单中获取并插入到数据库中,但是该基本方法可以进行SQL注入。 Now I am using the following (see code below) PDO and bindParam methods but the data is not being inserted into my database. 现在,我正在使用以下PDO和bindParam方法(请参见下面的代码),但是数据没有插入到我的数据库中。
Question : What am I doing wrong? 问题 :我做错了什么? Is there some syntax issue that isnt allowing me to insert data to database? 是否有一些语法问题不允许我将数据插入数据库?
<?php
$username = 'username';
$password = 'pass';
$host = 'localhost';
$dbname = 'db';
try {
$dbh = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $dbh->prepare("INSERT INTO table1 (issue, time, comments, lat, lng) VALUES (:issue, :time, :comments, :lat, :lng)");
$stmt->bindParam(':issue', $issue);
$stmt->bindParam(':time', $time);
$stmt->bindParam(':comments', $comments);
$stmt->bindParam(':lat', $lat);
$stmt->bindParam(':lng', $lng);
$stmt->execute();
header("Location: main.php");
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
$dbh = null;
?>
EDIT: (still not working) 编辑:(仍然无法正常工作)
<?php
$username = 'username';
$password = 'pass';
$host = 'localhost';
$dbname = 'db';
try {
$dbh = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (!isset($issue, $time, $comments, $lat, $lng)) {
die('data set error;');
}
$stmt = $dbh->prepare("INSERT INTO table1 (issue, time, comments, lat, lng) VALUES (:issue, :time, :comments, :lat, :lng)");
$params = array(':issue' => $issue,
':time' => $time,
':comments' => $comments,
':lat' => $lat,
':lng' => $lng);
if (!$stmt->execute($params)) {
print_r($stmt->errorInfo());
die();
}
header("Location: main.php");
} catch (PDOException $e) {
echo "Error: " . $e->getMessage();
}
$dbh = null;
?>
2 个解决方案
解决方案1
0 2015-09-08 05:54:23
Questions asking "to find a syntax issue" are offtopic here, as they produce but guesswork in the answers and will be no help for the future readers. 询问“查找语法问题”的问题在这里不合时宜,因为它们产生但答案中的猜测,对未来的读者没有帮助。 Unfortunately, it never takes enough votes to close such a question. 不幸的是,它永远不需要足够的投票就可以解决这个问题。
So, here goes a guesswork. 因此,这是一个猜测。 Data variables you're trying to insert are nowhere defined. 您尝试插入的数据变量未定义。
解决方案2
-1 2015-09-08 05:57:41
change your code to this: 将您的代码更改为此:
$username = 'username';
$password = 'pass';
$host = 'localhost';
$dbname = 'db';
try {
$dbh = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (!isset($issue, $time, $comments, $lat, $lng)) {
die('data set error;');
}
$stmt = $dbh->prepare("INSERT INTO table1 (issue, time, comments, lat, lng) VALUES (:issue, :time, :comments, :lat, :lng)");
$params = array(':issue' => $issue,
':time' => $time,
':comments' => $comments,
':lat' => $lat,
':lng' => $lng);
if (!$stmt->execute($params)) {
print_r($stmt->errorInfo());
die();
}
header("Location: main.php");
} catch (PDOException $e) {
echo "Error: " . $e->getMessage();
}
$dbh = null;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.