我的表单是从jquery日期选择器捕获日期,表单在没有日期选择器的情况下工作正常但是有了它,它只是给出了这个错误:
Error: Unknown column '$time' in 'field list'
以下是我的php& HTML代码
<?php
//form submitted
if (isset($_POST['create'])) {
//require db details
require_once '../dblogin.php';
//set flag
$OK = false;
// create database connection
$conn = new mysqli ($host, $user, $password, $database) or die("Connection Failed");
// initialize prepared statement
$stmt = $conn->stmt_init();
// create SQL to insert task
$sql = 'INSERT INTO tasks (task_name, task_project_id, task_assignee_id, datepicker, task_created_by, task_schedule, task_duration, task_end_date, task_creation_date, task_notes, task_status)
VALUES(?, ?, ?, ?, '.$_SESSION['id'].', ?, ?, $time, NOW(), ?, ?)';
if ($stmt->prepare($sql)) {
// bind parameters and execute statement
$stmt->bind_param('siissss', $_POST['task_name'], $_POST['task_project_id'], $_POST['task_assignee_id'], $_POST['datepicker'], $_POST['task_duration'], $_POST['task_notes'], $_POST['task_status']);
// execute and get number of affected rows
$stmt->execute();
if ($stmt->affected_rows > 0) {
$OK = true;
}
}
// redirect if successful or display error
if ($OK) {
header('Location: task_confirmation.php');
exit;
} else {
$error = $stmt->error;
}
}
?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN”
“http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”>
<html xmlns=”http://www.w3.org/1999/xhtml”>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8” />
<title>Create new task</title>
<script src="http://code.jquery.com/jquery-1.9.1.js"></script>
<script src="http://code.jquery.com/ui/1.10.1/jquery-ui.js"></script>
<script>
$(function() {
$( "#datepicker" ).datepicker({dateFormat: 'yy-mm-dd' });
});
</script>
<link rel="stylesheet" type="text/css" href="../allcss/style.css" />
</head>
<body>
<?php
require('../Login/includes/header.inc.php');
?>
<div id="content">
<?php if (isset($error)) {
echo "<p>Error: $error</p>";
} ?>
<form id="form1" method="post" action="">
<div id="add">
<p>
<label for="task_name"class="title">Task name:</label>
<input name="task_name" type="text" class="widebox" id="task_name">
</p>
<p>
<span class="title">Project: </span><select name="task_project_id" size "5">
<?php
require_once '../dblogin.php';
$conn = new mysqli ($host, $user, $password, $database) or die("Connection Failed");
$stmt2 = $conn->stmt_init();
//pulls project names for the select element//
$sql2 = 'select * from projects';
$stmt2->prepare($sql2);
$stmt2->execute();
$result = $stmt2->get_result();
while($resultRow = $result->fetch_array(MYSQLI_ASSOC))
{
var_dump($resultRow);
echo "<option value='".$resultRow[project_id]."'>".$resultRow[project_name]."</option>";
}
$result->close();
$stmt2->close();
?>
</select>
</p>
<p>
<span class="title">Assignee: </span><select name="task_assignee_id" size "5">
<?php
require_once '../dblogin.php';
$conn = new mysqli ($host, $user, $password, $database) or die("Connection Failed");
$stmt3 = $conn->stmt_init();
//pulls intern names for the select element//
$sql3 = "select * from users where user_role='INT'";
$stmt3->prepare($sql3);
$stmt3->execute();
$result = $stmt3->get_result();
while($resultRow = $result->fetch_array(MYSQLI_ASSOC))
{
var_dump($resultRow);
echo "<option value='".$resultRow[person_id]."'>".$resultRow[user_name]."</option>";
}
$result->close();
$stmt3->close();
?>
</select>
</p>
<p>
<label for="dates"class="title">Schedule for:</label>
<input name="datepicker" type="text" id="datepicker"/>
</p>
<p>
<span class="title">Duration: </span><select name="task_duration" size "1">
<option value="00:30:00">30 minutes</option>
<option value="01:00:00">1 hour</option>
<option value="01:30:00">1,5 hours</option>
</select>
</p>
<p>
<label for="task_notes"class="title">Additional notes:</label>
<input name="task_notes" type="text" class="widebox" id="task_notes">
</p>
<p>
<span class="title">task status: </span><select name="task_status" size "1">
<option value="Complete">Complete</option>
<option value="Incomplete">Incomplete</option>
</select>
</p>
<p class="submit">
<input type="submit" name="create" value="Create task" id="create">
</p>
</div>
</form>
</div>
<?php
require('../Login/includes/footer.inc.php');
?>
</body>
</html>
有人可以帮我解决这个问题吗
答案 0 :(得分:1)
出于某种原因,您没有为$time
值使用预准备语句(以及$ _SESSION ['id']也是如此)。
它既危险又是你得到错误的原因。
$sql = 'INSERT INTO tasks (task_name, task_project_id, task_assignee_id,
datepicker, task_created_by, task_schedule, task_duration,
task_end_date, task_creation_date, task_notes, task_status)
VALUES(?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?)';
if ($stmt->prepare($sql)) {
// bind parameters and execute statement
$stmt->bind_param('siisissss', $_POST['task_name'], $_POST['task_project_id'],
$_POST['task_assignee_id'], $_POST['datepicker'], $_SESSION['id'],
$_POST['task_duration'], $time, $_POST['task_notes'], $_POST['task_status']);
它应该是,或类似的东西。您需要自己检查占位符,键入字符串和相应的值。
答案 1 :(得分:0)
您使用单引号查询。那样$time
不会扩展到变量值。您应该使用双引号("
),如下所示:
"INSERT INTO tasks (task_name, task_project_id, task_assignee_id, datepicker, task_created_by, task_schedule, task_duration, task_end_date, task_creation_date, task_notes, task_status)
VALUES(?, ?, ?, ?, ".$_SESSION['id'].", ?, ?, $time, NOW(), ?, ?)";
此外,我认为你也应该使用$_SESSION['id']
和$time
的参数,因为来自用户的每一个都不能真正被信任。