我试图了解和阅读PDO.
我刚刚编写了以下内容并且它工作正常,但我想知道它是否安全,因为我没有逃避任何变量,它是否仍然要求我逃避这些?
// Get Post Variables
$first_name = $_POST['first_name'];
$surname = $_POST['surname'];
$email_addr = $_POST['email_addr'];
$user_type = $_POST['user_type'];
// query
$sql = "UPDATE users
SET first_name=?, surname=?, email_addr=?, user_age=?, user_type=?
WHERE user_id=?";
$q = $conn->prepare($sql);
$q->execute(array($first_name,$surname,$email_addr,$user_age,$user_type,$uid));
我正在尝试用pdo更新mysql ...我在一个站点上工作,但它不能在第二个站点上运行.无论我尝试哪种方法,我都会收到跟随错误.
第一个网站是在网上直播的,而这个网站是在wamp ...不确定这是否重要.
(!)致命错误:在第236行的C:\ wamp\www\demo\admin\action\global-settings-css-update.php中(!)PDOException:在C:\ wamp\www\demo\admin\action中第236行的\ global-settings-css-update.php
<?php
$level = '../../';
//include($level.'inc/start.php');
$db_host = "localhost";
$db_username = "xxxxx";
$db_pass = "xxxxx";
$db_name = "demo";
$db = new PDO('mysql:host='.$db_host.';dbname='.$db_name,$db_username,$db_pass, array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION ));
$action = $_POST['action'];
$returnto = $_POST['returnto'];
$global_id = $_POST['global_id'];
$rem_base = $_POST['rem_base'];
$base_font_size = $_POST['base_font_size'];
$base_line_height = $_POST['base_line_height'];
$_POST_width = $_POST['_POST_width'];
$column_gutter = $_POST['column_gutter'];
$default_font_family = $_POST['default_font_family'];
$default_font_color = $_POST['default_font_color'];
$default_font_style = $_POST['default_font_style'];
$default_font_weight = $_POST['default_font_weight'];
$primary = $_POST['primary'];
$primary_lighter = $_POST['primary_lighter'];
$primary_darker = $_POST['primary_darker'];
$second_accent …我正在PDO用于将数据插入数据库。一切工作都还不错,但是我有点问题。让我以你为例
//Perform a basic insert
$param contains the fields that must be inserted
$this->insert("user", array("id" => $param['id'], "name" => $param['name']));
现在,此插入可以正常工作,但是假设在param缺少字段的数组中,$name我会得到通知:
未定义索引
name
如何直接传递要插入的字段?在我的数组中,键表示列名称,因此:id, name和值是要插入数据库的内容。
这是我的插入方法:
public function insert($table, $data)
{
$fieldNames = implode("`, `", array_keys($data));
$fieldValues = ":" . implode(", :", array_keys($data));
$sth = $this->prepare("INSERT INTO $table (`$fieldNames`)
VALUES ($fieldValues)");
// Bind sui valori
foreach($data as $key => $value)
{
$sth->bindValue(":$key", $value);
}
return $sth->execute();
}
如何仅插入所需的值而不传递所有字段并出错?
我在定义函数和从 error_reporting(E_ALL);
有错误 Parse error: syntax error, unexpected ',', expecting variable (T_VARIABLE) in C:\xampp\htdocs\bs4\func.php on line 4
这是我的代码
<?php
error_reporting(E_ALL);
require_once "condb.php";
function noproblem(time,suggest,phone,eat,problem){ // Here is line 4
$sql="insert into data(time,suggest,phone,eat,problem) values(?,?,?,?,?)";
$stmt=$cn->prepare($sql);
$stmt->bindParam("1",time);
$stmt->bindParam("2",suggest);
$stmt->bindParam("3",phone);
$stmt->bindParam("4",eat);
$stmt->bindParam("5",problem);
try {
$stmt->execute();
echo "ok!";
} catch (Exception $e) {
echo $e->getTraceAsString();
}
}
?>
当我尝试提交新创建的表单时出现此错误.db_connect(); 只是一个新的PDO.
$db = db_connect();
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$mail = $_POST['mail'];
$ww = $_POST['ww'];
$naam = $_POST['naam'];
$achternaam = $_POST['achternaam'];
$tussenvoegsel = $_POST['tussenvoegsel'];
$rights = $_POST['rights'];
try{
$statement = $db->prepare("INSERT INTO gebruiker(email, wachtwoord, rol_id,groep_id, voornaam, achternaam, tussenvoegsel)
VALUES(:mail, :ww, :rolid, :groepid,:voornaam,:achternaam,:achternaam,:tussenvoegsel)");
$statement->execute(array(
"mail" => "$mail",
"ww" => "$ww",
"rolid" => "$rights",
"groepid" => "1",
"voornaam" => "$naam",
"achternaam"=>"$achternaam",
"tussenvoegsel" =>"$tussenvoegsel"));
}
catch(PDOException $e) {
echo $e->getMessage();
}}
这是错误
SQLSTATE [21S01]:插入值列表与列列表不匹配:1136列计数与第1行的值计数不匹配
在有人问我之前......是的,这个专栏肯定存在.
以下查询在CLI或PHPMyAdmin中工作正常,但在PDO中执行时它不起作用,它表示该列不存在.
SELECT `draw_config`.`draw_config_id`, `draw_config`.`time_zone`
FROM `draw_config`
完全错误:
SQLSTATE [42S22]:找不到列:1054'字段列表'中的未知列'draw_config.draw_config_id'
我最近升级了我的本地开发环境,包括PHP和MySQL,所以毫无疑问这就是问题所在.
有没有人有这个错误或错误的更多信息/解决方案?
我在Windows 8上运行以下内容......
PHP版本:
PHP 5.5.6 (cli) (built: Nov 12 2013 11:33:44) VC11
MySQL版本:
+-------------------------+------------------------------+
| Variable_name | Value |
+-------------------------+------------------------------+
| innodb_version | 5.6.14 |
| protocol_version | 10 |
| slave_type_conversions | |
| version | 5.6.14 |
| version_comment | MySQL Community Server (GPL) |
| version_compile_machine | x86_64 |
| version_compile_os | Win64 |
+-------------------------+------------------------------+
我尝试发出一个请求来查找包含特定字符串值的行.
这是我的代码的摘录:
// Getting motscles value
$motscles = $_POST['motscles'];
// Prepare a second SQL request to get all annonces posted by the user
$result2=$connexion->prepare("select * from annonces where titre LIKE = '%".$motscles."%' ");
我没有结果,我认为我的要求很糟糕..
我是PHP的新手,我试图连接到我的数据库,有些你管视频的帮助,但我得到这个错误
不推荐使用:mysql_connect():不推荐使用mysql扩展,将来会删除它:在第7行的C:\ wamp\www\db.php中使用mysqli或PDO
请帮助..我很困惑!!!
我对PHP和MySQL还是很陌生,我尝试学习如何将代码从PDO更改为MySQLi。它与我在网上找到的登录系统有关的“记住我”功能以及一个安全令牌和标识符。我想学习并了解如何将代码从PDO更改为MySQLi。我知道在MySQLi中有一条创建和准备语句,我也必须绑定参数并执行。但是在这种情况下,我还是不知道如何开始。
$pdo = new PDO('mysql:host=localhost;dbname=dbname', 'root', '');
if (!isset($_SESSION['id']) && isset($_COOKIE['identifier']) &&
isset($_COOKIE['securitytoken'])) {
$identifier = $_COOKIE['identifier'];
$securitytoken = $_COOKIE['securitytoken'];
$statement = $pdo->prepare("SELECT * FROM securitytokens WHERE identifier = ?");
$result = $statement->execute(array($identifier));
$securitytoken_row = $statement->fetch();
if (sha1($securitytoken) !== $securitytoken_row['securitytoken']) {
die('Maybe a stolen securitytoken.');
} else {
//Token was correct
//Set an new token
$neuer_securitytoken = random_string();
$insert = $pdo->prepare("UPDATE securitytokens SET securitytoken = :securitytoken WHERE identifier = :identifier");
$insert->execute(array('securitytoken' => sha1($neuer_securitytoken), 'identifier' => $identifier));
setcookie("identifier", $identifier, time() + …<?php
//db connection class using singleton pattern
class dbConn {
//variable to hold connection object.
protected static $db;
//private construct – class cannot be instatiated externally.
private function __construct()
{
try { // assign PDO object to db variable
self::$db = new PDO('mysql:host=localhost;dbname=cricket', 'root', '');
setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) { //Output error – would normally log this to error file rather than output to user.
echo "Connection Error: " . $e->getMessage();
}
}
// get connection function. Static …我想得到表all_nums中名为numbers的列中的所有值的总和,并将其存储到变量中.我在下面试过,但它找到了行数.
$dbh = new PDO('mysql:host='. $host .';dbname='.$db_name, $db_username, $db_password);
$STH_SELECT = $dbh->query("SELECT count(*) FROM all_nums");
$sof = $STH_SELECT->fetchColumn();
正如标题所述,我只能抓取id列,我得到其他人的Undefined索引错误.
我的代码:
if(isset($_SESSION['id'])) {
$presh = $_SESSION['id'];
$stmt = $pdo->prepare("SELECT id FROM users WHERE id = :id");
$id = $presh;
$stmt->execute(array(':id'=>$id));
$accountinfo = $stmt->fetch(PDO::FETCH_ASSOC);
}
稍后在我的代码中我引用它:
Karma <span id="kcurrent"><?php echo $accountinfo["karmacurrent"]; ?></span> | <span id="ktotal"><?php echo $accountinfo["karmatotal"]; ?></span>
行确实存在并且它们已经填满,我做错了什么?
我正在更新一些旧的PHP代码并遇到了一个我不完全理解的问题.在mysql_*函数的旧时代,您可以在SQL查询中包含一个变量,如:
$query = "SELECT * FROM table $limit";
哪里$limit = "LIMIT 0,50";.因此完整的查询是
$query = "SELECT * FROM table LIMIT 0,50";
一切都很好.但是,对于PDO预处理语句和命名参数,除非您分解限制语句,否则这种类型的简单替换似乎不可能.例如:
$stmt = $conn->prepare('SELECT * FROM table :myLimit');
$stmt->execute(array(':myLimit'=>' LIMIT 0,50'));
导致错误:
错误:SQLSTATE [42000]:语法错误或访问冲突:1064您的SQL语法中有错误; 检查与您的MySQL服务器版本对应的手册,以便在"?"附近使用正确的语法 在第1行
(在旁注上我发现错误完全没用,因为没有使用问号 - 但回到手头的问题)
但是,如果我将该查询更改为以下内容,以便进一步细分LIMIT:
$stmt = $conn->prepare('SELECT * FROM table LIMIT :start,:end ');
$stmt->execute(array(':start'=>0,':end'=>50));
它很棒.
:myLimit作为命名参数和
array(':myLimit'=>' LIMIT 0,50')值的工作呢?php.net上的PDO页面有些含糊不清,当涉及到什么可以和不能用作命名参数时,我正在寻找比我发现的更深入的东西:
我目前正在使用PHP 5.1.6