我有两个php变量,一个整数和另一个json,我将其转换为字符串变量,然后将它们插入到postgresql数据库中。
将整数转换为字符串变量:
$string1 = (string)$integer;
将json从facebook api转换为字符串变量:
$string2 = json_encode($json);
现在,我必须将这两个字符串变量插入到postgres数据库中:
$query = "INSERT INTO interests VALUES(". $string1 ." ," . $string2 .")";
pg_query($con, $query) or die("Cannot execute query: $query\n");
这不起作用。我尝试了很多解决方案,但仍然无法正常工作。
我改变了我的功能以插入数据库
function push_interests(){
$id = $facebook->getUser();
$int = $facebook->api('/me/interests');
$host = "hostname";
$user = "user";
$pass = "password";
$db = "database";
$con = pg_connect("host=$host dbname=$db user=$user password=$pass")
or die ("Could not connect to server\n");
$id = (string)$id;
$int = json_encode($int);
$sql = "INSERT INTO interests VALUES($1,$2)";
pg_prepare($con,'my_insert', $sql) or die ("Cannot prepare statement1\n") ;
pg_execute($con,'my_insert', array($id,$int)) or die ("Cannot execute statement1\n");
pg_close($con);
}
输出是:无法执行statement1 我创建了数据库如下:
$query = "DROP TABLE IF EXISTS interests";
pg_query($con, $query) or die("Cannot execute query: $query\n");
$query = "CREATE TABLE interests(id VARCHAR(25) PRIMARY KEY, interests VARCHAR(500))";
pg_query($con, $query) or die("Cannot execute query: $query\n");
答案 0 :(得分:3)
因为字符串需要用简单的引号括起来。我强烈建议您使用预准备语句来忽略这些问题,并确保正确的变量转义,以防止您的应用程序被SQL注入攻击。
$sql = "INSERT INTO interests VALUES ($1, $2)";
$result = pg_prepare($con, 'my_insert', $sql);
$result = pg_execute($con, 'my_insert', array($string1, $string2));
请参阅http://php.net/manual/en/function.pg-prepare.php
编辑:这是我测试过的实际代码:
<?php
$con = pg_connect('')
or die ("Could not connect to server\n");
$id = (string) 5;
$int = json_encode(array('pika' => 'chu', 'plop' => array(1, 2, 3)));
$query = "CREATE TABLE interests(id VARCHAR(25) PRIMARY KEY, interests VARCHAR(500))";
pg_query($query) or die('creating table failed.');
$sql = "INSERT INTO interests (id, interests) VALUES ($1, $2)";
pg_prepare('my_query', $sql);
pg_execute('my_query', array($id, $int)) or die("Error while inserting.");