我已经使用PHP,HTML和SQL编写了一段时间的脚本,并认为我的技能是平均的。我想用PDO技能开发强化我的PHP,特别是为了防止SQL注入。
我已阅读并遵循了一些例子,但似乎总是抛出
PHP Parse错误:语法错误,意外T_ENCAPSED_AND_WHITESPACE“ 错误
我很困惑,问题是什么。错误发生在第23行,它应该执行。
我知道表单字段很好,因为这在没有PDO的情况下工作。自转换以来,我不断收到上述错误。 [$var1-$var6已更改为示例]。
<?php if(isset($_POST['submit'])) {
// connect to db include '/xxx/xxx/pdo-db-conn.php';
// check db connection
$subject = $_POST['subject'];
$email = $_POST['email'];
$name = $_POST['name'];
$date = $_POST['date'];
$var1 = $_POST['var1'];
$var2 = $_POST['var2'];
$var3 = $_POST['var3'];
$var4 = $_POST['var4'];
$var5 = $_POST['var5'];
$var6 = $_POST['var6'];
$sqli = "INSERT INTO mytable (subject,email,name,date,var1,var2,var3,var4,var5,var6) VALUES (:subject,:email,:name,:date,:var1,:var2,:var3,:var4,:var5,:var6)";
$sql = $dbConn->prepare("$sqli");
$sql->execute(array(':subject' => $subject, ':email' => $email, ':name' => $name, ':date' => $date, ':var1' => $var1, ':var2' => $var2, ':var3' => $var3, ':var4' => $var4, ':var5' => $var5, ':var6' => $var6)');
答案 0 :(得分:4)
数组末尾有'。
格式化代码可以帮助您看到这种错误:)
$sqli = "INSERT INTO mytable (subject,email,name,date,var1, var2, var3, var4, var5, var6) VALUES (:subject,:email,:name,:date,:var1,:var2,:var3,:var4,:var5,:var6)";
$sql = $dbConn->prepare("$sqli");
$sql->execute(array(
':subject' => $subject,
':email' => $email,
':name' => $name,
':date' => $date,
':var1' => $var1,
':var2' => $var2,
':var3' => $var3,
':var4' => $var4,
':var5' => $var5,
':var6' => $var6
));
答案 1 :(得分:0)
这是问题
INSERT INTO mytable >(subject,email,name,date,var1,
^
删除此>
并在结尾删除'
$var6)');
^