dsla94915 2013-04-08 08:28
浏览 102

INSERT INTO不使用bindparam插入

Trying to insert a single row into my table. Having a mare, tried to use tens of examples on the tinterweb to no success, I must just not understand how PDO works yet.

$stmt = $dbh->prepare ("INSERT INTO table_name (date, link, desc) 
VALUES (:date,:name,:desc)");
$stmt -> bindParam(':date', $date);
$stmt -> bindParam(':name', $name);
$stmt -> bindParam(':desc', $desc);
$stmt -> execute();

move_uploaded_file($_FILES["file"]["tmp_name"], $upload);    
  • 写回答

1条回答 默认 最新

  • doupi1532 2013-04-08 08:33
    1. You shouldn't allow any direct input to your query from user.
    2. There shouldn't be user-defined table names as well. Your database structure is wrong. It ought to be a single predefined table to store data for all users. So, it must be a field content, not table name
    3. You need to connect to PDO first, and make it properly. See example in PDO tag wiki
    4. So, you'll be able to see errors.
    5. From the error you have to know that desc is a reserved word and have to be formatted.

    So, the code have to be

    $stm = $dbh->prepare("INSERT INTO table (date,link,`desc`,type) VALUES (?,?,?,?)");
    move_uploaded_file($_FILES["file"]["tmp_name"], $upload);   
    本回答被题主选为最佳回答 , 对您是否有帮助呢?



  • ¥15 BP神经网络控制倒立摆
  • ¥20 要这个数学建模编程的代码 并且能完整允许出来结果 完整的过程和数据的结果
  • ¥15 html5+css和javascript有人可以帮吗?图片要怎么插入代码里面啊
  • ¥30 Unity接入微信SDK 无法开启摄像头
  • ¥20 有偿 写代码 要用特定的软件anaconda 里的jvpyter 用python3写
  • ¥20 cad图纸,chx-3六轴码垛机器人
  • ¥15 移动摄像头专网需要解vlan
  • ¥20 access多表提取相同字段数据并合并
  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角
  • ¥20 Java-Oj-桌布的计算