INSERT - PHP & SQL Server
Question
I don't know what is going on, but it just doesn't want to work.
I keep getting this error when I submit my form:
Array ( [0] => Array ( [0] => 22001 [SQLSTATE] => 22001 [1] => 8152 [code] => 8152 [2] => [Microsoft][SQL Server Native Client 10.0][SQL Server]String or binary data would be truncated. [message] => [Microsoft][SQL Server Native Client 10.0][SQL Server]String or binary data would be truncated. ) [1] => Array ( [0] => 01000 [SQLSTATE] => 01000 [1] => 3621 [code] => 3621 [2] => [Microsoft][SQL Server Native Client 10.0][SQL Server]The statement has been terminated. [message] => [Microsoft][SQL Server Native Client 10.0][SQL Server]The statement has been terminated. ) )
Here's the PHP Code:
<?php
$who = $_REQUEST["who"];
$what = $_REQUEST["what"];
$serverName = "xxx";
$uid = "xxx";
$pwd = "xxx";
$databaseName = "xxx";
$connectionInfo = array( "UID"=>$uid,
"PWD"=>$pwd,
"Database"=>$databaseName);
/* Connect using SQL Server Authentication. */
$conn = sqlsrv_connect( $serverName, $connectionInfo);
$tsql = "insert into Suggestions (Who, What, Votes) values ('$who','$what','10')";
/* Execute the query. */
$stmt = sqlsrv_query( $conn, $tsql);
if ( $stmt )
{
$something = "Submission successful.";
}
else
{
$something = "Submission unsuccessful.";
die( print_r( sqlsrv_errors(), true));
}
$output=$something;
/* Free statement and connection resources. */
sqlsrv_free_stmt( $stmt);
sqlsrv_close( $conn);
?>
And here's the HTML Form:
<form action="startvoting.php" method="post" id="myform">
<ol>
<li>
<label for="name">Nickname</label>
<input id="who" name="who" class="text" />
</li>
<li>
<label for="message">What <strong>you</strong> Want</label>
<textarea id="what" name="what"></textarea>
</li>
<li class="buttons">
<input type="image" src="images/send.gif" class="send" />
<div class="clr"></div>
</li>
</ol>
</form>
Can someone please help me? I don't know what to do!
Thank you
Here is the definitions:
TABLE_QUALIFIER TABLE_OWNER TABLE_NAME COLUMN_NAME DATA_TYPE TYPE_NAME PRECISION LENGTH SCALE RADIX NULLABLE REMARKS COLUMN_DEF SQL_DATA_TYPE SQL_DATETIME_SUB CHAR_OCTET_LENGTH ORDINAL_POSITION IS_NULLABLE SS_DATA_TYPE
DB_11967_suggestions dbo Suggestions Who 12 varchar 1 1 1 12 1 1 YES 39
DB_11967_suggestions dbo Suggestions What 12 varchar 1 1 1 12 1 2 YES 39
DB_11967_suggestions dbo Suggestions Votes 4 int 10 4 0 10 1 4 3 YES 38
Sorry it's not properly formatted.
2 answers
solution1
1 2010-08-17 01:48:01
The error occurs when you input a text field with more than one character. The error message “String or binary data would be truncated” would imply that you have created a table whose text columns are limited to one character. That would happen if your CREATE statement said they were CHAR as opposed to CHAR(somenumber) or NVARCHAR(somenumber) .
However, you've a bigger problem:
$tsql = "insert into Suggestions (Who, What, Votes) values ('$who','$what','10')";
You've forgotten to SQL-escape those text strings. If they contain the ' character your query breaks, and any attacker can execute arbitrary SQL by injecting it into the query. Pretty soon your database ends up defaced with malware links, or worse.
Bizarrely, the sqlsrv drivers don't seem to give you a proper escaping function, but then just replacing ' with '' should be enough for SQL Server. However, you're much better off avoiding the issue by using parameterised queries :
sqlsrv_query(
$conn,
'INSERT INTO Suggestions (Who, What, Votes) VALUES (?, ?, 10)',
array($who, $what)
);
solution2
0 ACCPTED 2010-08-17 01:42:18
我认为您在column(fields)类型中有错误,尝试仅插入一个字符,然后提交成功,尝试扩展字段类型..即增加char num ... etc
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.