mysql查询有时但并非总是有效
[英]mysql query works sometimes but not always
问题描述
I'm building a simple "little" movie cataloging database system for my own use. 
我正在构建一个供自己使用的简单的“小”电影编目数据库系统。 The problem right now is that I've got a mySQL query that works MOST of the time but not all. 现在的问题是我有一个mySQL查询,该查询在大多数情况下都有效,但不是全部。 Basically it works by using a 3rd party IMDB API. 基本上,它通过使用第三方IMDB API来工作。 I use that to search and pull the values I need which works just fine. 我用它来搜索并提取所需的值,这很好。 It displays on my preview screen and everything. 它显示在我的预览屏幕和所有内容上。 The problem I'm running into that that while most movies work, a few do not and I can't figure out the reason. 我遇到的问题是,尽管大多数电影都可以正常工作,但有些电影却不能工作,我无法弄清原因。
For example, The Fellowship of the Ring stores just fine while The Return of the King simply won't pass the query. 例如,“戒指的团契”存储很好,而“国王的归来”根本不会通过查询。 I can't find any differences. 我找不到任何区别。
Here's my query: 这是我的查询:
$query = "INSERT INTO movies
(title, year, releaseDate, actors, image, runtime, genre, director, rating, watchedDate, category, series, comments, owned, ownedFormat, seen, plot, favorite, uploadDate)
VALUES ('$title', '$year', '$releaseDate', '$actors', '$newImg', '$runtime', '$genre', '$director', '$rating', '$watchedDate', '$category', '$series', '$comments', '$owned', '$ownedFormat', '$seen', '$plot', '$favorite', '$curDate')";
mysql_query($query) or die ('Error');
I'm not sure what else I need to provide. 我不确定还需要提供什么。 It seems like some kind of difference in the movies is causing the error but I don't know. 电影中的某种差异似乎导致了错误,但我不知道。
Thanks! 谢谢!
** ** EDIT 编辑 ** * ** *
So I tried switching over to mysqli. 所以我尝试切换到mysqli。 Here's my new code: 这是我的新代码:
/* Create the prepared statement */
if ($stmt = $mysqli->prepare("INSERT INTO movies (title, year, releaseDate, actors, image, runtime, genre, director, rating, watchedDate, category, series, comments, owned, ownedFormat, seen, plot, favorite, uploadDate) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)")) {
/* Bind our params */
$stmt->bind_param('sssssssssssssssssis', $title, $year, $releaseDate, $actors, $newImg, $runtime, $genre, $director, $rating, $watchedDate, $category, $series, $comments, $owned, $ownedFormat, $seen, $plot, $favorite, $curDate);
/* Execute the prepared Statement */
$stmt->execute();
/* Echo results */
echo "Inserted {$title} into database\n";
}
However, now i'm getting an error that reads: Fatal error: Call to a member function prepare() on a non-object on the line where the if statement starts. 但是,现在我收到一条错误消息:致命错误:在if语句开始的行的非对象上调用成员函数prepare()。
I'm assuming this is because something my query isn't an object? 我假设这是因为我的查询不是对象吗?
Thanks 谢谢
2 个解决方案
解决方案1
0 2013-02-06 03:16:07
The most likely reason for this is that you are putting the raw values between single quotes. 造成这种情况的最可能原因是您将原始值放在单引号之间。 If one of the values has a single quote in it, then you will get a syntax error. 如果其中一个值中有单引号,则将出现语法错误。
A better way to do what you want is by binding parameters. 绑定参数是执行所需操作的更好方法。 You can read more about that here . 您可以在此处阅读更多有关此内容的信息 。
解决方案2
-1 2013-02-06 03:18:43
Without more information about the actually returned value it is hard to say. 没有关于实际返回值的更多信息,这很难说。 It is possible that the returned value contains a character that breaks your code such as a semicolon or quote. 返回的值可能包含一个破坏您代码的字符,例如分号或引号。 Try stripping all non alphanumeric characters away using regex. 尝试使用正则表达式删除所有非字母数字字符。
$result = preg_replace("/[^a-zA-Z0-9]+/", "", $s);
And you have a sql injection vulnerablility. 而且您有一个SQL注入漏洞。 Consider using PDO instead of the depreciacted mysql functions. 考虑使用PDO代替不推荐使用的mysql函数。
http://php.net/manual/en/book.pdo.php http://php.net/manual/zh/book.pdo.php
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.