douxiezha9319 2015-02-28 02:56
浏览 39
已采纳

使用PDO将textarea $ _POST导入MySQL

I'm trying to post a textarea value to a mysql table... alongside a few other fields & datatypes, using PHP's PDO. All other fields insert appropriately, when I remove the textarea field ('desc') from the insert or update. When I include the textarea ('desc') in my prepared statement... the query fails. I've tried a few different data types for the 'desc' field in the table, to include text, bigtext, smalltext, varchar. So then I turned back to looking at the type of field and whether or not I had to escape the content or anything.. but have read that I do not, when using PDO.

$ItemID = $_POST['ItemID'];
$Name = $_POST['Name'];
$Desc = $_POST['Desc'];
$ItemValue = $_POST['ItemValue'];
$GiveawayDate = date('y-m-d 17:00:00',strtotime($_POST['GiveawayDate']));
$NewItemData = array('name'=>$Name, 'desc'=>$Desc, 'itemvalue'=>$ItemValue, 'giveawaydate'=>$GiveawayDate, 'creator'=>$_SESSION['userid'], 'itemid'=>$ItemID);

$ReturnData['Fail']=0;

try {
    $DBH = new PDO("mysql:host=$hostname;dbname=$db_name", $db_username, $db_password);
    $STH = $DBH->prepare("UPDATE giveawayitem SET name=:name, desc=:desc, itemvalue=:itemvalue, giveawaydate=:giveawaydate, creator=:creator WHERE iditem=:itemid");
    $STH->execute($NewItemData);
    if($STH->rowCount()==0){
        $ReturnData['Fail']=1;
        $ReturnData['Error']='Update Failure';
        $ReturnData['Status']='Item Creation Error. 0 rows affect.';
    }else{
        $ReturnData['Status']='Item Updated :)';
    }
}
catch(PDOException $e) {
    $ReturnData['Fail']=1;
    $ReturnData['Error']=$e->getMessage();
}       
$DBH = null;

die(json_encode($ReturnData));

The logic behind the array returning via JSON is that this is being executed via AJAX.

Each POST does make it through.

The PDOException $e->getMessage() doesn't return anything... I'm just getting a rowCount of 0.

  • 写回答

2条回答 默认 最新

  • donglin8467 2015-02-28 04:14
    关注

    You're using desc for your column, being a MySQL reserved word without escaping it with ticks.

    Either rename it to something else like "description", or wrap it in ticks:

    UPDATE giveawayitem SET name=:name, `desc`=:desc ...

    Had you used setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION) it would have signaled the syntax error such as:

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc

    • Add $DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); right after the connection is opened.

    See also:

    Add error reporting to the top of your file(s) which will help find errors.

    <?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

    Sidenote: Error reporting should only be done in staging, and never production.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口
  • ¥15 不是,这到底错哪儿了😭
  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么