为什么插入此INTO不起作用? 腓
[英]Why won't this Insert INTO Work ? Php
问题描述
// This is the file that is giving the error, not the form below 
//这是出现错误的文件,而不是下面的表格
<?php
// Insert Comments into Database that user provides
<?php
// Insert Comments into Database that user provides
$comm = mysql_real_escape_string($_POST['addComment']);
// following line has changed:
$pID4 = filter_var( $_POST['pID'], FILTER_SANITIZE_STRING );
$cID = mysql_real_escape_string($_POST['courseInfoDD']);
$username = "###";
$password = "###";
$pdo4 = new PDO('mysql:host=localhost;dbname=###', $username, $password);
$pdo4->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$sth4 = $pdo4->prepare('INSERT INTO Comment (info, pID, cID) VALUES(?,?,?);');
$sth4->execute(array($comm, $pID4, $cID ));
?>
Form 形成
<input type='text' id='addComment' name='addComment' tabindex='3' value='Enter comment' />
<input type='hidden' name='pID' value='<?php echo $pID ?>'>
</form>
ERROR Received: 收到错误:
*No error is received upon load, but once I type something in and press enter it gives me a blank page saying 'no pID specified' ?? Please help!*
2 个解决方案
解决方案1
4 已采纳 2011-04-11 01:26:11
To directly answer your question, you'll need to add the pID to the request data either via the form action, though this parameter will show in the $_GET array instead of $_POST 要直接回答您的问题,您需要通过form动作将pID添加到请求数据中,尽管此参数将显示在$_GET数组而不是$_POST
<form action="inc/q/prof.php?pID=<?php echo $pID ?>" method="post">
or via a form element (will be part of the $_POST array) 或通过表单元素(将成为$_POST数组的一部分)
<input type="hidden" name="pID" value="<?php echo $pID ?>">
Now, a further consideration... 现在,进一步考虑...
You don't need to apply db string escaping ( mysql_real_escape_string() ) when using PDO prepared statements with bound parameters. 当使用带有绑定参数的PDO准备语句时,无需应用数据库字符串转义( mysql_real_escape_string() )。 The act of binding a parameter or value takes care of that for you. 绑定参数或值的行为会为您解决。
To clarify my comments below, you need something like this... 为了在下面澄清我的评论,您需要类似以下内容...
Given a URL like http://example.com/index.php?pID=842 , your form on that page should have the following hidden element 给定类似http://example.com/index.php?pID=842的URL,该页面上的表单应具有以下隐藏元素
<input type="hidden" name="pID" value="<?php echo (int) $_GET['pID'] ?>" />
解决方案2
0 2011-04-11 02:10:08
Two words: GET FIREBUG . 两个词: GET FIREBUG 。 Before checking your PHP script, you should check your HTML form. 在检查PHP脚本之前,应检查HTML表单。 It's possible you're not echoing the form correctly. 您可能没有正确地回应表单。
I don't thinks it's safer to go with POST submissions, but definitely it's cleaner. 我认为进行POST提交并不更安全,但是绝对更清洁。
After you checked your form it should look like this: 在检查完表单后,它应如下所示:
<form method="POST" action="form-process.php">
<input type='text' id='addComment' name='addComment' tabindex='3' value='Enter comment' />
<input type="hidden" name="courseInfoDD" value="XXX" id="courseInfoDD">
<input type="hidden" name="pID" value="XXX" id="pID">
</form>
On your submit script, you can access those parameters with $_POST. 在提交脚本上,您可以使用$ _POST访问这些参数。 But remeber, if you have an empty value on your HTML form, it would become an empty variable. 但是请记住,如果您在HTML表单上有一个空值,它将变成一个空变量。
You can do a quick echo on $pID to see their content. 您可以对$ pID进行快速回显以查看其内容。
@Phil Brown is right about PDO. @Phil Brown关于PDO是正确的。 You don't have to escape variables before sending it to the handler. 您不必在将变量发送到处理程序之前先对其进行转义。
Hope it helps! 希望能帮助到你!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.