[英]Getting SQL error while inserting the data into database using MySQL and PHP
[英]while inserting data to a mysql database using Php. I'm getting an error saying Incorrect integer value: '' for column 'rate' at row 1
1.Php代碼如下,我沒有自動遞增字段的完整錯誤描述
錯誤:無法執行對雇員的插入(emp_name,rate,ifsc_code,acc_num,acc_holder_name)VALUES(“,”,“,”,“”)。 不正確的整數值:“”表示第1行的“ rate”列
<?php
include_once('connectdb.php');
$emp_name = mysqli_real_escape_string($link, $_REQUEST['emp_name']);
$rate = mysqli_real_escape_string($link, $_REQUEST['rate']);
$ifsc_code = mysqli_real_escape_string($link, $_REQUEST['ifsc_code']);
$acc_num = mysqli_real_escape_string($link, $_REQUEST['acc_num']);
$acc_holder_name = mysqli_real_escape_string($link, $_REQUEST['acc_holder_name']);
$sql = "INSERT INTO employee( emp_name,
rate,
ifsc_code,
acc_num,
acc_holder_name)
VALUES ( '$emp_name',
'$rate',
'$ifsc_code',
'$acc_num',
'$acc_holder_name')";
if(mysqli_query($link, $sql)){
//echo "<script type='text/javascript'>alert('Commodity added to inventory')</script>";
echo "<meta http-equiv='refresh' content='0;url=insert_emp_details.php'>";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
根據我的評論,您應該將$ rate轉換為整數或刪除'
單引號
$sql = "INSERT INTO employee( emp_name,
rate,
ifsc_code,
acc_num,
acc_holder_name)
VALUES ( '$emp_name',
$rate,
'$ifsc_code',
'$acc_num',
'$acc_holder_name')";
要么
您可以像這樣將整數轉換成$rate= (int)$rate;
同時將pdo
與bind參數功能一起使用以防止sql
注入
如上文注釋中所述,原始代碼可能容易受到SQL注入的影響,因此建議使用prepared statement
來幫助降低風險。
您發布的錯誤消息雖然令我擔憂-似乎所有值都是空的...是這樣嗎? 嘗試sql操作之前,應檢查這些變量是否存在。
<?php
include_once('connectdb.php');
try{
$sql='insert into `employee` ( `emp_name`, `rate`, `ifsc_code`, `acc_num`, `acc_holder_name` ) values (?,?,?,?,?);';
/* field names expected in REQUEST array and associated data type for filtering */
$args=array(
'emp_name' => FILTER_SANITIZE_STRING,
'rate' => FILTER_SANITIZE_NUMBER_INT, /* assumed that rate is an integer */
'ifsc_code' => FILTER_SANITIZE_STRING,
'acc_num' => FILTER_SANITIZE_NUMBER_INT, /* assumed that acc_num is an integer ?? */
'acc_holder_name' => FILTER_SANITIZE_STRING
);
/* filter REQUEST array using above arguments */
filter_input_array( INPUT_REQUEST, $args );
/* extract variables */
extract( $_REQUEST );
/* If all the variables were extracted correctly after filtering - proceed */
if( $emp_name && $rate && $ifsc_code && $acc_num && $acc_holder_name ){
/* if the filter failed this will probably never be called but... */
if( !is_integer( $rate ) ) throw new Exception('rate is not an integer');
/* create a prepared statement */
$stmt=$link->prepare( $sql );
/* If the query failed for some reason - abandon ship */
if( !$stmt )throw new Exception( sprintf( 'error preparing sql query: %s', $stmt->error ) );
/* assumed that rate and acc_num is an integer ?? */
$stmt->bind_param( 'sisis', $emp_name, $rate, $ifsc_code, $acc_num, $acc_holder_name );
/* execute the query */
$result = $stmt->execute();
if( $result ){
echo "Success";
} else {
throw new Exception( sprintf( "Bogus! %s", $stmt->error ) );
}
} else {
throw new Exception( 'an error occurred extracting one or more variables - check "$args" array!' );
}
} catch( Exception $e ){
exit( $e->getMessage() );
}
?>
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.