[英]MYSQL Insert Statement not working in code but working in phpmyadmin
所以我只想使用以下查詢向數據庫插入一條新記錄:
INSERT INTO ratings VALUES(\'\','".$userid."','".$rating."','".$itemid."')
我也用參數嘗試過,但也沒有用。
這是打印到控制台的查詢:
插入評分值('','13','3.5','5228')"
Php 代碼是這樣的:
$query = "INSERT INTO ratings VALUES(\'\','".$userid."','".$rating."','".$itemid."')";
echo '<script>console.log("'.$query.'");</script>';
DB::query($query);
和 function 執行查詢:
public static function query($query, $params = array()) {
$statement = self::connect()->prepare($query);
$statement->execute($params);
if (explode(' ', $query)[0] == 'SELECT') {
$data = $statement->fetchAll();
return $data;
}
}
我得到的錯誤如下:
Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation:
1064 You have an error in your SQL syntax; check the manual that
corresponds to your MariaDB server version for the right syntax
to use near '\'\','13','4','5228')'
at line 1 in D:\xampp\htdocs\updatedcollector\classes\DB.php:12
鑒於此 function:
public static function query($query, $params = array()) {
$statement = self::connect()->prepare($query);
$statement->execute($params);
if (explode(' ', $query)[0] == 'SELECT') {
$data = $statement->fetchAll();
return $data;
}
}
看起來你想要做的是這樣的:
$query = "INSERT INTO ratings VALUES('', ?, ?, ?)";
DB::query($query, [$userid, $rating, $itemid]);
這為您提供了針對SQL 注入攻擊的保護。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.