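I have user input from a form (possibly with empty fields - yes, the database is set up to accept null values), and I need to insert the information into a table in the database.
Some more information: I am creating this app in Titanium.
This is the code that sends all the parameters to the PHP file: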
    saveButton.addEventListener('click', function() {
        var xhr = Ti.Network.createHTTPClient();
        var url = ""; //url is in here; I just took it out for privacy
        xhr.open("GET", url);
        var params = {
            query : "enterAsset",
            barcode : barcodeTextField.value, //all these textfields are editable by the user
            assetClass : assetClassTextField.value,
            manufacturer : manufacturerTextField.value,
            model : modelTextField.value,
            serialNum : serialNumTextField.value,
            custodian : custodianTextField.value,
            status : statusTextField.value,
            loginName : LOGIN_NAME,
            divisionID : DIVISION_ID,
            dateBuy : dateBoughtTextField.value,
            priceBuy : priceTextField.value,
            dateInSvc : dateInServiceTextField.value,
            dateLastSvc : dateLastServiceTextField.value,
        };
        xhr.onload = function() {
            alert("Successful entry"); //this alert does appear when the button is pressed
        };
        xhr.send(params);
    });
This is the code in the PHP file, after connecting to the database:
    $query = $_GET['query'];
    switch($query) { //this switch statement exists so we can access the database for multiple queries from the same .php file. We know it works because the "login" query works just fine.
        case "data":
            //unimportant stuff is in here
            break;
        case "clients":
            //more irrelevant stuff in here
            break;
        case "login": //this works, but it's not trying to insert anything
            $username = $_GET['username'];
            $password = $_GET['password'];
            $stmt4 = $con->prepare('CALL Get_user_auth(:username,:password)');
            $stmt4->bindParam(':username',$username,PDO::PARAM_STR);
            $stmt4->bindParam(':password',$password,PDO::PARAM_STR);
            $stmt4->execute();
            $results = $stmt4->fetchAll(PDO::FETCH_ASSOC);
            $stmt4->closeCursor();
            break;
        case "search":
            //more irrelevant stuff in here
            break;
        case "enterAsset":
            $barcode = '12345';
            $assetClass = 'test';
            $manufacturer = 'test';
            $model = 'test';
            $serialNum = 'test';
            $custodian = 'test';
            $locationID = '1';
            $status = 'test';
            $dateBuy = 'test';
            $priceBuy = 'test';
            $dateInSvc = 'test';
            $dateLastSvc = 'test';
            $loginName = 'jane';
            $divisionID = '1';
            $stmt6 = $con->prepare('CALL Enter_new_asset(:divisionID,:barcode,:assetClass,:manufacturer,:model,:serialNum,:custodian,:status,:locationID,:dateBuy,:priceBuy,:dateInSvc,:dateLastSvc,:loginName)');
            $stmt6->bindParam(':divisionID',$divisionID,PDO::PARAM_INT,11);
            $stmt6->bindParam(':barcode',$barcode,PDO::PARAM_STR,128);
            $stmt6->bindParam(':assetClass',$assetClass,PDO::PARAM_STR,10);
            $stmt6->bindParam(':manufacturer',$manufacturer,PDO::PARAM_STR,10);
            $stmt6->bindParam(':model',$model,PDO::PARAM_STR,10);
            $stmt6->bindParam(':serialNum',$serialNum,PDO::PARAM_STR,20);
            $stmt6->bindParam(':custodian',$custodian,PDO::PARAM_STR,20);
            $stmt6->bindParam(':status',$status,PDO::PARAM_STR,10);
            $stmt6->bindParam(':locationID',$locationID,PDO::PARAM_INT,11);
            $stmt6->bindParam(':dateBuy',$dateBuy,PDO::PARAM_STR,13);
            $stmt6->bindParam(':priceBuy',$priceBuy,PDO::PARAM_STR,10);
            $stmt6->bindParam(':dateInSvc',$dateInSvc,PDO::PARAM_STR,13);
            $stmt6->bindParam(':dateLastSvc',$dateLastSvc,PDO::PARAM_STR,13);
            $stmt6->bindParam(':loginName',$loginName,PDO::PARAM_STR,20);
            $stmt6->execute();
            $stmt6->closeCursor();
            break;
        default:
            $results = "FAIL.";
            break;
    }
When I specify the "enterAsset" query it returns "null", which is expected, since it is not supposed to return anything.
The stored query for Enter_new_asset is:
    INSERT INTO TBL_ASSET_DATA (Division_ID, Barcode_Tag, Asset_Class, Manufacturer, Model, Serial_Num, Custodian, Status, Location_ID, Date_buy, Price_buy, Date_in_svc, Date_last_svc, Updated_by)
    VALUES(divisionID,barcode, assetClass, manufacturer, model, serialNum, custodian, status, locationID, dateBuy, priceBuy, dateInSvc, dateLastSvc, loginName)
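Edit: I tried hardcoding some of the values for the variables, and now I get this error: Parse error: syntax error, unexpected '';' (T_CONSTANT_ENCAPSED_STRING) in /homepages/21/d265224452/htdocs/brillient_wordpress/AMproxy.php on line 90
This is the code on line 90: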
    $stmt6 = $con->prepare('CALL Enter_new_asset(:divisionID,:barcode,:assetClass,:manufacturer,:model,:serialNum,:custodian,:status,:locationID,:dateBuy,:priceBuy,:dateInSvc,:dateLastSvc,:loginName)');
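My question is: why isn't the database being updated with the information entered? No new entries appear in TBL_ASSET_DATA. The other questions about this problem seem to use MySQLi or the deprecated mysql commands, whereas this uses PDO.
Thanks in advance for your help.
Edit: I got my database to update by replacing
    $stmt6 = $con->prepare('CALL Enter_new_asset(:divisionID,:barcode,:assetClass,:manufacturer,:model,:serialNum,:custodian,:status,:locationID,:dateBuy,:priceBuy,:dateInSvc,:dateLastSvc,:loginName)');
with: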
    $sql = "INSERT INTO TBL_ASSET_DATA(Division_ID, Barcode_Tag, Asset_Class, Manufacturer, Model, Serial_Num, Custodian, Status, Location_ID, Date_buy, Price_buy, Date_in_svc, Date_last_svc, Updated_by) VALUES(:divisionID,:barcode, :assetClass, :manufacturer, :model, :serialNum, :custodian, :status, :locationID, :dateBuy, :priceBuy, :dateInSvc, :dateLastSvc, :loginName)";
    $stmt6 = $con->prepare($sql);
But I would like to know whether this is safe.
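On the safety question above, an added example that is not part of the original post: with named placeholders the values travel separately from the SQL text, so a value containing quotes or SQL keywords is stored as plain data, and an empty form field can be bound as NULL. It assumes an in-memory SQLite database and a reduced column set in place of the real MySQL table; `bindField` and all input values are hypothetical.

```php
<?php
// Added example, not the asker's code. In-memory SQLite and a reduced column
// set stand in for the real MySQL table; all input values are constructed.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE TBL_ASSET_DATA (
    Division_ID INTEGER NOT NULL, Barcode_Tag TEXT NOT NULL,
    Manufacturer TEXT, Price_buy TEXT, Updated_by TEXT NOT NULL)');

// Constructed stand-in for $_GET: one empty field, one value full of SQL syntax.
$input = [
    'divisionID'   => '1',
    'barcode'      => '12345',
    'manufacturer' => "Acme'); DELETE FROM TBL_ASSET_DATA; --",
    'priceBuy'     => '',
    'loginName'    => 'jane',
];

// Hypothetical helper: bind one request field. Empty or missing input becomes
// SQL NULL; integer columns are validated before being bound as PARAM_INT.
function bindField(PDOStatement $stmt, string $name, array $in, int $type): void
{
    $value = trim((string)($in[$name] ?? ''));
    if ($value === '') {
        $stmt->bindValue(":$name", null, PDO::PARAM_NULL);
    } elseif ($type === PDO::PARAM_INT) {
        if (!ctype_digit($value)) {
            throw new InvalidArgumentException("$name must be an integer");
        }
        $stmt->bindValue(":$name", (int)$value, PDO::PARAM_INT);
    } else {
        $stmt->bindValue(":$name", $value, PDO::PARAM_STR);
    }
}

$stmt = $con->prepare('INSERT INTO TBL_ASSET_DATA
    (Division_ID, Barcode_Tag, Manufacturer, Price_buy, Updated_by)
    VALUES (:divisionID, :barcode, :manufacturer, :priceBuy, :loginName)');
bindField($stmt, 'divisionID', $input, PDO::PARAM_INT);
foreach (['barcode', 'manufacturer', 'priceBuy', 'loginName'] as $name) {
    bindField($stmt, $name, $input, PDO::PARAM_STR);
}
$stmt->execute();

// Read the row back: the SQL-looking value must come back byte for byte,
// and the empty form field must have been stored as NULL.
$row = $con->query('SELECT * FROM TBL_ASSET_DATA')->fetch(PDO::FETCH_ASSOC);
if ($row['Manufacturer'] !== $input['manufacturer'] || $row['Price_buy'] !== null) {
    throw new RuntimeException('bound values were not stored as plain data');
}
echo "value stored as data, empty field stored as NULL\n";
```

Binding covers SQL injection only. The `login` case in the question reads `password` from `$_GET`, so the credential ends up in URLs and server logs; a POST body over HTTPS avoids that.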
Answer 0: (score: 0)
It looks like you are missing the quote that closes the string here:
    $dateLastSvc = 'test;
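This makes your code behave incorrectly. If you use an editor with syntax highlighting, you can easily spot such typos. For example, I can spot it immediately by looking at the highlighting that even Stack Overflow can do.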