dsla94915 2013-04-08 08:28
浏览 102

INSERT INTO不使用bindparam插入

Trying to insert a single row into my table. Having a mare, tried to use tens of examples on the tinterweb to no success, I must just not understand how PDO works yet.

$stmt = $dbh->prepare ("INSERT INTO table_name (date, link, desc) 
VALUES (:date,:name,:desc)");
$stmt -> bindParam(':date', $date);
$stmt -> bindParam(':name', $name);
$stmt -> bindParam(':desc', $desc);
$stmt -> execute();

move_uploaded_file($_FILES["file"]["tmp_name"], $upload);    
  • 写回答

1条回答 默认 最新

  • doupi1532 2013-04-08 08:33
    1. You shouldn't allow any direct input to your query from user.
    2. There shouldn't be user-defined table names as well. Your database structure is wrong. It ought to be a single predefined table to store data for all users. So, it must be a field content, not table name
    3. You need to connect to PDO first, and make it properly. See example in PDO tag wiki
    4. So, you'll be able to see errors.
    5. From the error you have to know that desc is a reserved word and have to be formatted.

    So, the code have to be

    $stm = $dbh->prepare("INSERT INTO table (date,link,`desc`,type) VALUES (?,?,?,?)");
    move_uploaded_file($_FILES["file"]["tmp_name"], $upload);   
    本回答被题主选为最佳回答 , 对您是否有帮助呢?



    • ¥15 Linux操作系统中的,管道通信问题
    • ¥15 请问这张multisim图的原理是什么,这是一个交通灯,是课程要求,明天要进行解析,但是我们组没一个人会,所以急要,今天要
    • ¥15 ansible tower 卡住
    • ¥15 等间距平面螺旋天线方程式
    • ¥15 通过链接访问,显示514或不是私密连接
    • ¥100 系统自动弹窗,键盘一接上就会
    • ¥50 股票交易系统设计(sql语言)
    • ¥15 调制识别中这几个数据集的文献分别是什么?
    • ¥15 使用c语言对日志文件处理
    • ¥15 请大家看看报错原因,为啥会这样