为什么这个 mysqli 准备好的插入语句不能处理多个值?
[英]Why won't this mysqli prepared insert statement work with multiple values?
问题描述
I am having issues using a prepared insert statement.
我在使用准备好的插入语句时遇到问题。 The script is supposed to read the contents of the.txt file and insert the data into the corresponding columns in my database.该脚本应该读取 .txt 文件的内容并将数据插入到我数据库中的相应列中。 Here is the error I keep getting when trying to insert.这是我尝试插入时不断遇到的错误。
Fatal error: Uncaught mysqli_sql_exception: Column 'propertyName' cannot be null in C:\xamppp\htdocs\php7\propertyUpload.php:19 Stack trace: #0 C:\xamppp\htdocs\php7\propertyUpload.php(19): mysqli_stmt_execute(Object(mysqli_stmt)) #1 {main} thrown in C:\xamppp\htdocs\php7\propertyUpload.php on line 19
BTW: The contents of the.txt are in an array like so:顺便说一句:.txt 的内容在一个数组中,如下所示:
TEST1000, PROPERTY1
TEST2000, PROPERTY2
TEST3000, PROPERTY3
<?php
include 'config.php';
if (empty($_SERVER['HTTP_REFERER']))
{
header('Location: ""');
exit;
}
ini_set("auto_detect_line_endings", true);
$open = fopen('test22-7-18.txt','r');
while (!feof($open))
{
$getTextLine = fgets($open);
$explodeLine = explode(",",$getTextLine);
list($accountCode,$propertyName) = $explodeLine;
$sql = "INSERT INTO properties (accountCode, propertyName) values(?, ?)";
if ($stmt = mysqli_prepare($link, $sql))
{
mysqli_stmt_bind_param($stmt,"ss",$accountCode, $propertyName);
(mysqli_stmt_execute($stmt));
}
}
fclose($open);
?>
However, when I change my code to this the contents are inserted correctly:但是,当我将代码更改为此时,内容已正确插入:
<?php
include 'config.php';
if (empty($_SERVER['HTTP_REFERER']))
{
header('Location: ""');
exit;
}
ini_set("auto_detect_line_endings", true);
$open = fopen('test22-7-18.txt','r');
while (!feof($open))
{
$getTextLine = fgets($open);
$explodeLine = explode(",",$getTextLine);
list($accountCode,$propertyName) = $explodeLine;
$sql = "INSERT INTO properties (accountCode, propertyName) values(? , '$propertyName')";
if ($stmt = mysqli_prepare($link, $sql))
{
mysqli_stmt_bind_param($stmt,"s",$accountCode);
(mysqli_stmt_execute($stmt));
}
}
fclose($open);
?>
Is the second script open to SQL injection, if not could I leave it as is?第二个脚本是否对 SQL 注入开放,如果没有,我可以保持原样吗? Does anyone know why I can't get the first statement to work?有谁知道为什么我不能让第一个语句起作用?
1 个解决方案
解决方案1
2 已采纳 2022-07-25 21:48:14
The value of $propertyName is null , but the propertyName column in the table is declared NOT NULL . $propertyName的值为null ,但表中的propertyName列声明为NOT NULL 。
This is most likely due to your incorrect use of while( feof($open)) , which causes you to call fgets() an extra time at the end of the file.这很可能是由于您错误地使用了while( feof($open)) ,这导致您在文件末尾多调用fgets()时间。 This sets $getTextLine to false , and explode() returns [""] , so $bar is set to null (there's probably also an "Undefined offset" warning that you're not printing).这会将$getTextLine设置为false ,并且explode()返回[""] ,因此$bar设置为null (可能还有一个“未定义的偏移量”警告您没有打印)。
When you use string substitution null expands to an empty string, so you're inserting an empty string in that row.当您使用字符串替换null扩展为空字符串时,您将在该行中插入一个空字符串。 This prevents the error, but you're probably not getting the desired result, since it inserts an extra row with empty values.这可以防止错误,但您可能没有得到想要的结果,因为它插入了一个带有空值的额外行。
Use利用
while ($getTextLine = fgets())
as your looping criteria instead of while ( feof($getTextLine))作为您的循环条件而不是while ( feof($getTextLine))
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.