dongzhugao9929 2016-07-24 02:53 Acceptance rate: 0%

Why isn't this SQL inserting into the database?

PHP Version: 7.0

Script is sent data from a different website.

For some reason, the data is not being inserted into the database like it should be, and I don't think I have any SQL errors (this is done with PDO).

Here is the included functions code:

<?php
function escape($string){
    return htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
}
?>

Script Code:

<html>
<head>
    <title>Data from Roblox</title>
    <h3>Data from Roblox</h3>
</head>
<body>
<?php
    include '../includes/connection.php';
    include '../scripts/functions.php'; //Remove if unknown error as well as the escapes
    error_reporting(E_ALL);
    ini_set('display_errors', 1);
    $array = json_decode(file_get_contents('php://input'),1);
    $SenderName = escape($array['SenderName']);
    $SenderID = escape($array['SenderID']);
    $PlayerName = escape($array['PlayerName']);
    $PlayerID = escape($array['PlayerID']);
    $Reason = escape($array['Reason']);
    $PlaceLink = escape($array['PlaceLink']);
    if(!$Reason){ $Reason = "Reason not provided."; }


    if($SenderName !=NULL and $SenderID != NULL and $PlayerName != NULL and $PlayerID !=NULL and $PlaceLink !=NULL){
        $query = $handler->prepare("INSERT INTO PlayerBans (`ID`, `Username`,`Reason`, `BannedDate`, `BannedBy`, `BannedAt`) VALUES (:pid, :pname, :reason, NOW(), :sname, :pl)");
        $query->bindParam(':pid', $PlayerID);
        $query->bindParam(':pname', $PlayerName);
        $query->bindParam(':reason', $Reason);
        $sender = $SenderName . " - " . $SenderID;
        $query->bindParam(':sname', $sender);
        $query->bindParam(':pl', $PlaceLink);
        $query->execute();

   }
?>
</body>
</html>

When I go to the script URL in my web browser, the HTML shows up, and no errors.


1 answer

  • doushan5245 2016-08-03 00:30

    Your problem is almost certainly with the request coming in, but here are a few issues you could address with your code.

    • htmlspecialchars() is not for inserting into a database. It's used when you want to display something as HTML.
    • none of those values you're checking will ever be null, because you're running them through htmlspecialchars() which returns a string.
    • there's no need to use PDOStatement::bindParam() unless you need to do something special with data types. Just pass an array to PDOStatement::execute() instead.
    • it sounds like you're not recording any error messages. If you aren't using this page interactively, you need to have some way to know if there's a problem.

    With that in mind, I'd recommend trying this:

    <?php
    include("../includes/connection.php");
    error_reporting(E_ALL);
    ini_set("display_errors", true);
    ini_set("error_log", "/var/log/php.log");
    
    $json       = file_get_contents("php://input");
    $array      = json_decode($json, true);
    
    $SenderName = $array['SenderName'] ?? null;
    $SenderID   = $array['SenderID'] ?? null;
    $PlayerName = $array['PlayerName'] ?? null;
    $PlayerID   = $array['PlayerID'] ?? null;
    $Reason     = $array['Reason'] ?? "Reason not provided";
    $PlaceLink  = $array['PlaceLink'] ?? null;
    
    if($SenderName !== null && $SenderID !== null && $PlayerName !== null && $PlayerID !== null && $PlaceLink !== null) {
        // prepare using ? for a shorter query; don't mix placeholders with other values
        $query = $handler->prepare("INSERT INTO PlayerBans (`ID`, `Username`,`Reason`, `BannedBy`, `BannedAt`, `BannedDate`) VALUES (?,?,?,?,?,NOW())");
        // double quotes interpolate variables!
        $sender = "$SenderName - $SenderID";
        // pass the values directly to execute
        $result = $query->execute([$PlayerID, $PlayerName, $Reason, $sender, $PlaceLink]);
        // check the result of this call and log some details if there's a problem
        if (!$result) {
            $e = $query->errorInfo();
            error_log("SQL Error $e[0]: $e[2] ($e[1]) while inserting data: $json");
        }
    }
    ?>
    

    You'll want to make sure that you create the log file ahead of time, with the correct permissions for your web server to be able to write to it. On a Linux platform this might look like sudo touch /var/log/php.log && sudo chown www-data /var/log/php.log

    Also I'm assuming you're using a current version of PHP that supports the null coalesce operator; you'll need to replace $foo = $bar ?? null with $foo = isset($bar) ? $bar : null if that's not the case.

    One more point, if each user on your system has an entry in a user table, you should really have UserID and SenderID columns in the PlayerBans table that are foreign keys back to your users table. If you're querying this column regularly it makes a whole lot more sense than having an unstructured text column.

    This answer was selected by the asker as the best answer.
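
The points raised in the answer, combined into one runnable sketch; this is an added example, not code from the question or the answer. It assumes an in-memory SQLite database in place of the page's MySQL connection, a hypothetical helper `parseBan()`, numeric player IDs, and constructed request bodies. It shows why an empty or incomplete request must be rejected explicitly rather than skipped silently, and that values are stored raw and escaped only on HTML output.

```php
<?php
// Added example, not the poster's code: in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw
$db->exec('CREATE TABLE PlayerBans (ID TEXT, Username TEXT, Reason TEXT,
           BannedDate TEXT, BannedBy TEXT, BannedAt TEXT)');

// Hypothetical helper: returns [row, null] on success or [null, error].
function parseBan(string $body): array {
    $in = json_decode($body, true);
    if (!is_array($in)) {
        return [null, 'body is not valid JSON: ' . json_last_error_msg()];
    }
    foreach (['SenderName', 'SenderID', 'PlayerName', 'PlayerID', 'PlaceLink'] as $key) {
        if (!isset($in[$key]) || !is_scalar($in[$key]) || trim((string)$in[$key]) === '') {
            return [null, "missing or empty field: $key"];
        }
    }
    if (!preg_match('/\A\d+\z/', (string)$in['PlayerID'])) { // assumption: numeric IDs
        return [null, 'PlayerID is not numeric'];
    }
    $reason = is_string($in['Reason'] ?? null) ? $in['Reason'] : 'Reason not provided';
    $sender = $in['SenderName'] . ' - ' . $in['SenderID'];
    return [[(string)$in['PlayerID'], (string)$in['PlayerName'], $reason, $sender,
             (string)$in['PlaceLink']], null];
}

$samples = [ // constructed request bodies
    '',                                   // what a browser visit delivers
    '{"SenderName":"mod","SenderID":1}',  // incomplete payload
    '{"SenderName":"mod","SenderID":1,"PlayerName":"O\'Neil<b>","PlayerID":42,'
        . '"Reason":"spam \"ads\"","PlaceLink":"https://example.invalid/place"}',
];
$insert = $db->prepare('INSERT INTO PlayerBans
    (ID, Username, Reason, BannedBy, BannedAt, BannedDate) VALUES (?, ?, ?, ?, ?, CURRENT_TIMESTAMP)');
foreach ($samples as $body) {
    list($row, $error) = parseBan($body);
    if ($error !== null) {
        // json_encode escapes newlines, so a hostile body cannot forge log lines
        error_log("ban rejected ($error): " . json_encode($body));
        continue;
    }
    $insert->execute($row); // values stored exactly as received
}
// Escape only when the stored value is written into HTML.
foreach ($db->query('SELECT Username, Reason FROM PlayerBans') as $r) {
    echo htmlspecialchars($r['Username'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($r['Reason'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Run from the command line, the first two bodies are logged as rejected and only the third is inserted.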