2013-04-08 08:28
浏览 97

INSERT INTO不使用bindparam插入

Trying to insert a single row into my table. Having a mare, tried to use tens of examples on the tinterweb to no success, I must just not understand how PDO works yet.

$stmt = $dbh->prepare ("INSERT INTO table_name (date, link, desc) 
VALUES (:date,:name,:desc)");
$stmt -> bindParam(':date', $date);
$stmt -> bindParam(':name', $name);
$stmt -> bindParam(':desc', $desc);
$stmt -> execute();

move_uploaded_file($_FILES["file"]["tmp_name"], $upload);    

图片转代码服务由CSDN问答提供 功能建议

尝试在表格中插入一行。 有一个母马,试图在 tinterweb 上使用数十个例子没有成功,我必须要理解PDO是如何工作的。

  $ stmt  = $ dbh-> prepare(“INSERT INTO table_name(date,link,desc)
 $ stmt  - >  bindParam(':date',$ date); 
 $ stmt  - >  bindParam(':name',$ name); 
 $ stmt  - >  bindParam(':desc',$ desc); 
 $ stmt  - >  execute(); 
move_uploaded_file($ _ FILES [“file”] [“tmp_name”],$ upload);  
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • doupi1532 2013-04-08 08:33
    1. You shouldn't allow any direct input to your query from user.
    2. There shouldn't be user-defined table names as well. Your database structure is wrong. It ought to be a single predefined table to store data for all users. So, it must be a field content, not table name
    3. You need to connect to PDO first, and make it properly. See example in PDO tag wiki
    4. So, you'll be able to see errors.
    5. From the error you have to know that desc is a reserved word and have to be formatted.

    So, the code have to be

    $stm = $dbh->prepare("INSERT INTO table (date,link,`desc`,type) VALUES (?,?,?,?)");
    move_uploaded_file($_FILES["file"]["tmp_name"], $upload);   
    解决 无用
    打赏 举报

相关推荐 更多相似问题