同時使用Php將數據插入mysql數據庫。 我收到一條錯誤消息，指出錯誤的整數值：第1行的“ rate”列

Question

1.Php代碼如下，我沒有自動遞增字段的完整錯誤描述

錯誤：無法執行對雇員的插入（emp_name，rate，ifsc_code，acc_num，acc_holder_name）VALUES（“，”，“，”，“”）。 不正確的整數值：“”表示第1行的“ rate”列

 <?php

include_once('connectdb.php');

$emp_name = mysqli_real_escape_string($link, $_REQUEST['emp_name']);
$rate = mysqli_real_escape_string($link, $_REQUEST['rate']);
$ifsc_code = mysqli_real_escape_string($link, $_REQUEST['ifsc_code']);
$acc_num = mysqli_real_escape_string($link, $_REQUEST['acc_num']);
$acc_holder_name = mysqli_real_escape_string($link, $_REQUEST['acc_holder_name']); 

$sql = "INSERT INTO employee(   emp_name, 
                                rate, 
                                ifsc_code, 
                                acc_num, 
                                acc_holder_name) 

        VALUES              (   '$emp_name', 
                                '$rate',
                                '$ifsc_code',
                                '$acc_num',
                                '$acc_holder_name')";

if(mysqli_query($link, $sql)){

    //echo "<script type='text/javascript'>alert('Commodity added to inventory')</script>";
    echo "<meta http-equiv='refresh' content='0;url=insert_emp_details.php'>";
} else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}

mysqli_close($link);

?>

Answer 1

根據我的評論，您應該將$ rate轉換為整數或刪除'單引號

$sql = "INSERT INTO employee(   emp_name, 
                                rate, 
                                ifsc_code, 
                                acc_num, 
                                acc_holder_name) 

        VALUES              (   '$emp_name', 
                                $rate,
                                '$ifsc_code',
                                '$acc_num',
                                '$acc_holder_name')";

要么

您可以像這樣將整數轉換成$rate= (int)$rate;

同時將pdo與bind參數功能一起使用以防止sql注入

Answer 2

如上文注釋中所述，原始代碼可能容易受到SQL注入的影響，因此建議使用prepared statement來幫助降低風險。

您發布的錯誤消息雖然令我擔憂-似乎所有值都是空的...是這樣嗎？ 嘗試sql操作之前，應檢查這些變量是否存在。

<?php

    include_once('connectdb.php');

    try{

        $sql='insert into `employee` ( `emp_name`, `rate`, `ifsc_code`, `acc_num`, `acc_holder_name` ) values (?,?,?,?,?);';

        /* field names expected in REQUEST array and associated data type for filtering */
        $args=array(
            'emp_name'          =>  FILTER_SANITIZE_STRING,
            'rate'              =>  FILTER_SANITIZE_NUMBER_INT, /* assumed that rate is an integer */
            'ifsc_code'         =>  FILTER_SANITIZE_STRING,
            'acc_num'           =>  FILTER_SANITIZE_NUMBER_INT, /* assumed that acc_num is an integer ?? */
            'acc_holder_name'   =>  FILTER_SANITIZE_STRING
        );
        /* filter REQUEST array using above arguments */
        filter_input_array( INPUT_REQUEST, $args );

        /* extract variables */
        extract( $_REQUEST );


        /* If all the variables were extracted correctly after filtering - proceed */
        if( $emp_name && $rate && $ifsc_code && $acc_num && $acc_holder_name ){

            /* if the filter failed this will probably never be called but... */
            if( !is_integer( $rate ) ) throw new Exception('rate is not an integer');

            /* create a prepared statement */
            $stmt=$link->prepare( $sql );

            /* If the query failed for some reason - abandon ship */
            if( !$stmt )throw new Exception( sprintf( 'error preparing sql query: %s', $stmt->error ) );

            /* assumed that rate and acc_num is an integer ?? */
            $stmt->bind_param( 'sisis', $emp_name, $rate, $ifsc_code, $acc_num, $acc_holder_name );

            /* execute the query */
            $result = $stmt->execute();
            if( $result ){

                echo "Success";


            } else {
                throw new Exception( sprintf( "Bogus! %s", $stmt->error ) );
            }
        } else {
            throw new Exception( 'an error occurred extracting one or more variables - check "$args" array!' );
        }

    } catch( Exception $e ){
        exit( $e->getMessage() );
    }
?>