dsla94915 2013-04-08 08:28
浏览 102
已采纳

INSERT INTO不使用bindparam插入

Trying to insert a single row into my table. Having a mare, tried to use tens of examples on the tinterweb to no success, I must just not understand how PDO works yet.

$stmt = $dbh->prepare ("INSERT INTO table_name (date, link, desc) 
VALUES (:date,:name,:desc)");
$stmt -> bindParam(':date', $date);
$stmt -> bindParam(':name', $name);
$stmt -> bindParam(':desc', $desc);
$stmt -> execute();

move_uploaded_file($_FILES["file"]["tmp_name"], $upload);    
  • 写回答

1条回答 默认 最新

  • doupi1532 2013-04-08 08:33
    关注
    1. You shouldn't allow any direct input to your query from user.
    2. There shouldn't be user-defined table names as well. Your database structure is wrong. It ought to be a single predefined table to store data for all users. So, it must be a field content, not table name
    3. You need to connect to PDO first, and make it properly. See example in PDO tag wiki
    4. So, you'll be able to see errors.
    5. From the error you have to know that desc is a reserved word and have to be formatted.

    So, the code have to be

    $stm = $dbh->prepare("INSERT INTO table (date,link,`desc`,type) VALUES (?,?,?,?)");
    $stm->execute(array($date,$name,$desc,$type));
    
    move_uploaded_file($_FILES["file"]["tmp_name"], $upload);   
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 寻找一块做为智能割草机的驱动板(标签-stm32|关键词-m3)
  • ¥15 信息管理系统的查找和排序
  • ¥15 基于STM32,电机驱动模块为L298N,四路运放电磁传感器,三轮智能小车电磁组电磁循迹(两个电机,一个万向轮),怎么用读取的电磁传感器信号表示小车所在的位置
  • ¥15 如何解决y_true和y_predict数据类型不匹配的问题(相关搜索:机器学习)
  • ¥15 PB中矩阵文本型数据的总计问题。
  • ¥40 宿舍管理系统设计(c#)
  • ¥15 MATLAB卫星二体模型仿真
  • ¥15 怎么让数码管亮的同时让led执行流水灯代码
  • ¥20 SAP HANA SQL Script 。如何判断字段值包含某个字符串
  • ¥85 cmd批处理参数如果含有双引号,该如何传入?