How do I get $_POST to work with my PDO statement?

Time: 2014-10-21 00:12:26

Tags: php mysql pdo

I can't seem to get $_POST to work with my SQL query. I have tried both mysql_query and PDO.

$newartist = $_POST['newartist'];  // This doesn't work with PDO statement
//$newartist = 'Hubert De Lartigue'; // This works with PDO statement!
//$query = $DBH->prepare("SELECT * FROM artist WHERE artist =?"); // Original Method
//$query->bindValue(1, $newartist, PDO::PARAM_STR); // Original Method

$query = $DBH->prepare("SELECT * FROM artist WHERE artist = :newartist"); // Suggested Method
//$query->bindParam(':newartist', $newartist); // Suggested method, tested
$query->bindParam(':newartist', $newartist, PDO::PARAM_STR); // Suggested method
$query->execute();
//foreach ($query as $row) { // Switched to while loop so it can "fetch"
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
    $selectedartist = '<option value="'.$row['artist_id'].'" selected="selected">'.$row['artist'].'</option>';
}
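However, I can echo $_POST['newartist']; and it outputs the artist's name correctly!

The form, as requested (note: after submitting the new artist, you have to click + to properly submit the artist and get the newartist echo):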

<div style="background: #270126; padding: 0 20px;" id="artist" >
  <form method="post" style="width: 100%">
   Artist: <select name="artist" style="width: 200px; background: black;" class="required">
  <?php 
    if(!empty($_POST['newartist'])) { 
        echo $selectedartist;
    } else {
        echo '<option value="2" selected="selected">Unknown-Artist</option>
             '.$theartist.'';
    } 
    ?></select>&nbsp;<a href="#" style="width: 15px; font-size: 1.5em; display:inline;" onclick="document.getElementById('artistnew').style.display='block';document.getElementById('artworknew').style.display='none';document.getElementById('artist').style.display='none';">+</a></div>
    <div style="background: #270126; padding: 0 20px;" id="addnewartist" >
        <fieldset style="display: none;height: 35px;" id="artistnew">
            <a href="https://www.google.com/search?q=art+" id="googlelink" class="updatethelink" target="_blank">Artist Name</a>:       
            <input name="newartist" id="newartist" style="width: 200px; display:inline;" />&nbsp;Artist URL:<input name="artist_url" value="http://" />
            <input type="submit" value="Submit New Artist" name="addartist" class="secondaryAction" style="display:inline;" />
        </fieldset>
    </div>
    <fieldset id="artworknew" style="width: 100%;">
    <div style="background: #270126; padding: 0 20px;">
        Artwork Name: <input name="name" id="name" style="width: 300px;" />     
    </div>
    <div style="background: #270126; padding: 0 20px;"> 
      File Name: <input name="file" id="file" style="width: 300px" value=".jpg" /><br />
    </div>  
    <div style="background: #270126; padding: 0 20px; height: 35px;"> 
        Folder: <select name="folder" style="width: 200px; background: black;">
   <option value="16">digitalart2</option>
   <?=$thefolder;?></select>&nbsp;
    <input name="disabled" type="checkbox" value="1" />Disable
      <input name="dt1" type="hidden" value="<?=date("Y-m-d H:i:s");?>">
    </div>
    <div align="center">
      <input type="submit" value="Submit Artwork" name="addartwork" class="primaryAction" />
    </div></fieldset>
  </form>
</div>
<?php
if ($_POST['addartist']) {
      mysql_query("INSERT INTO `artist` ( `artist_id` , `artist`, `artist_url`)
VALUES (NULL , '".$_POST['newartist']. "', '".$_POST['artist_url']. "');") or die(mysql_error());
      //echo '<meta http-equiv="refresh" content="0;url=?form=addart">';
      }

  if ($_POST['addartwork']) {
//  list($subcategory, $subcategory_id, $type, $link, $width, $height) = split(":", $_POST['subcategory']);
//  list($genre, $genre_id) = split(":", $_POST['genre']);
      mysql_query("INSERT INTO `artwork` (`id`, `name`, `artist_id`, `file`, `folder_id`, `dt1`, `approved`, `disabled`)

VALUES (NULL ,  
'".sql_inj_str($_POST['name'])."', 
'".sql_inj_str($_POST['artist'])."', 
'".sql_inj_str(htmlentities($_POST['file']))."',
'".sql_inj_str($_POST['folder'])."',  
'".sql_inj_str($_POST['dt1'])."', 
'1', 
'".sql_inj_str($_POST['disabled'])."');
") or die(mysql_error());

//$qu=mysql_query("SELECT LAST_INSERT_ID() INTO @artwork;");

      echo '<div align="center" style="margin-top: 25px;">..::[&nbsp;<a href="/art/'.mysql_insert_id().'" target="_blank" title="Preview Artwork">Artwork Submitted!</a>&nbsp;]::..</div>';
  }
include ('footer.php'); 
?>

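2 answers:

Answer 0: (score: 0)

Everything looks fine. Check the form again and make sure the name attributes are correct. Also, if you are typing a name into a search form, make sure you are handling case sensitivity. The name should match the name in the database.

Use bindParam

Try taking out PDO::PARAM_STR for now

Finally, try this: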

$result = $query->execute(); 

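Then use $result in the foreach loop

Answer 1: (score: 0)

I looked through all the code you gave me. You have a lot of bad HTML, CSS and JavaScript practices. They make your code hard to debug. I have improved your code; maybe if you follow my logic and comments you will find what is wrong with your code.

Basically, the code you first showed me is fine. The problem is in your design. You are inserting a null value for the id column instead of letting the database do that for you. You have an artist_id column and you are inserting the artist there. Look at your database definitions to make sure they have the correct structure and get the variables they expect. Here is your code, but with good practices. If you can follow my code, you will find it easier to debug your problem.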

<?php
/** I have rewritten your code to give you a better way of writing code that makes it easier to debug**/

/**Store input fields as variables so I don't have to repeat certain things**/
$newartist = isset($_POST['newartist']) ? ($_POST['newartist']) : "Unknown Artist"; // either has a value or the value is Unknown Artist. Only has a value if the $_POST is set
$addartist = isset($_POST['addartist']) ? true : false; // the addartist has been posted or not
$addartwork = isset($_POST['addartwork']) ? true : false; // the addartwork has been posted or not

//This is for add new artist
if($addartist){
    $newartist = isset($_POST['newartist']) ? $_POST['newartist'] :null; 
    $artist_url = isset($_POST['artist_url']) ? $_POST['artist_url'] :null; 

    /**when you do new entry into a database, the primary key or the id field should be left alone,
     it automatically updates itself. You must have a primary key in your database for things to work out properly**/
    // escape both values with sql_inj_str(), as the artwork insert below does
    mysql_query("INSERT INTO `artist` ( `artist`, `artist_url`)
                VALUES ('". sql_inj_str($newartist) . "', '". sql_inj_str($artist_url) . "');") or die(mysql_error());      
}else{
    $newartist = null;
    $artist_url = null;
}

/// this is for adding artwork
if($addartwork){
    $name = isset($_POST['name']) ? $_POST['name'] :null; 
    $artist = isset($_POST['artist']) ? $_POST['artist'] :null; 
    $file = isset($_POST['file']) ? htmlentities($_POST['file']) :null; 
    $folder = isset($_POST['folder']) ? $_POST['folder'] :null; 
    $dt1 = isset($_POST['dt1']) ? $_POST['dt1'] :null; 
    $disabled = isset($_POST['disabled']) ? 1 : 0; 


    //  list($subcategory, $subcategory_id, $type, $link, $width, $height) = split(":", $_POST['subcategory']);
    //  list($genre, $genre_id) = split(":", $_POST['genre']);

    /**when you do new entry into a database, the primary key or the id field should be left alone,
     it automatically updates itself. You must have a primary key in your database for things to work out properly**/

    //There is a problem with your artist_id column. The artist has a string value, and you have an id column in the database
    //Also you have a sql_inj_str() function. I am guessing that you have defined this function somewhere.
    // the VALUES list must match the column list one-to-one: no NULL for the id column
    mysql_query("INSERT INTO `artwork` ( `name`, `artist_id`, `file`, `folder_id`, `dt1`, `approved`, `disabled`)

    VALUES (
    '".sql_inj_str($name)."', 
    '".sql_inj_str($artist)."', 
    '".sql_inj_str($file)."',
    '".sql_inj_str($folder)."',  
    '".sql_inj_str($dt1)."', 
    '1', 
    '".sql_inj_str($disabled)."');
    ") or die(mysql_error());

    //$qu=mysql_query("SELECT LAST_INSERT_ID() INTO @artwork;");

    echo '<div align="center" style="margin-top: 25px;">..::[&nbsp;<a href="/art/'.mysql_insert_id().'" target="_blank" title="Preview Artwork">Artwork Submitted!</a>&nbsp;]::..</div>';

}else{
    $name = null;
    $artist = null;
    $file = null;
    $folder = null;
    $dt1 = null;
    $disabled = 0;
}

?>

<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <title>Database Query PDO</title>

<!-- Put the styles (CSS) separate from the html, easier to maintain. You can just copy these styles into an external file and just link it-->
<style>
    #artist {
        /**background: #270126;**/
        /** I just used a different color from yours so that I can see, design choice**/
        background: linen; 
        padding: 0 20px;
    }

    /** give the tag in the html a class name or id in the html and replace the tag name here with the class or id given **/
    form {
        width: 100%;
    }

    /** give the tag in the html a class name or id in the html and replace the tag name here with the class or id given **/
    select {
        width: 200px; 
        /**background: black;**/
        /** I just used a different color from yours so that I can see, design choice**/
        background: linen; 
    }

    /** give the tag in the html a class name or id in the html and replace the tag name here with the class or id given **/
    a {
        width: 15px; 
        font-size: 1.5em; 
        display:inline;

        /**added a myself**/
        text-decoration: none; 
    }

    #addnewartist{
        /**background: #270126;**/
        /** I just used a different color from yours so that I can see, design choice**/
        background: linen; 
        padding: 0 20px;
    }

    fieldset#artistnew{
        display: none;
        height: 35px;
    }
    form #newartist {
        width: 200px; 
        display:inline;
    }

    form .secondaryAction{
        display:inline;
    }

    #artworknew{
        width: 100%;
    }

    /** I now had no choice but to add in a few class names here**/
    .ArtworkName{
        /**background: #270126;**/
        /** I just used a different color from yours so that I can see, design choice**/
        background: linen; 
        padding: 0 20px;
    }

    input[name='name'] { 
        width: 300px;
    }

    .FileName{
        /**background: #270126;**/
        /** I just used a different color from yours so that I can see, design choice**/
        background: linen; 
        padding: 0 20px;
    }

    input[name='file'] { 
        width: 300px;
    }

    .Folder {
        /**background: #270126;**/
        /** I just used a different color from yours so that I can see, design choice**/
        background: linen; 
        padding: 0 20px; 
        height: 35px;
    }



select[name='folder'] { 
            width: 200px; 
            /**background: #270126;**/
            /** I just used a different color from yours so that I can see, design choice**/
            background: linen; 

        }
</style>
</head>

<body>
    <form method="post">
        <!-- move the div inside the form-->
        <div id="artist" >
            Artist: 
            <select name="artist" class="required">
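                <?php
                    // escape the posted value before writing it into the page
                    $safeartist = htmlspecialchars((string) $newartist, ENT_QUOTES, 'UTF-8');
                    echo '<option value="' . $safeartist . '" selected="selected">' . $safeartist . '</option>';
                ?>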
            </select>
            <!--When the link is clicked it runs the doStyles function-->
            <a href="#" onclick="doStyles()">+</a>
            <!-- get all the javascript out of the anchor tag. You can use jquery or external javascript but doing it this way is really really bad practice-->
            <script>
                // You can store this code in an external javascript file and embed it here
                function doStyles(){
                    document.getElementById('artistnew').style.display='block'; 
                    document.getElementById('artworknew').style.display='none';
                    document.getElementById('artist').style.display='none';
                }
            </script>
        </div>

        <div id="addnewartist" >
            <fieldset id="artistnew">
                <a href="https://www.google.com/search?q=art+" id="googlelink" class="updatethelink" target="_blank">Artist Name</a>:       
                <input name="newartist" id="newartist" />
                Artist URL:
                <input name="artist_url" value="http://" />
                <input type="submit" value="Submit New Artist" name="addartist" class="secondaryAction" />
            </fieldset>
        </div>

        <fieldset id="artworknew" >

            <div class="ArtworkName">
                Artwork Name: 
                <input name="name" id="name" />     
            </div>

            <div class="FileName"> 
              File Name: 
              <input name="file" id="file" value=".jpg" /><br />
            </div> 

            <div class="Folder"> 
                Folder: 
                <select name="folder" >
                    <option value="16">digitalart2</option>
                    <?=$thefolder;?>
                </select>
                <input name="disabled" type="checkbox" value="1" />Disable
                <input name="dt1" type="hidden" value="<?=date("Y-m-d H:i:s");?>">
            </div>

            <div align="center">
              <input type="submit" value="Submit Artwork" name="addartwork" class="primaryAction" />
            </div>
        </fieldset>

    </form>
</body>
</html>
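
As an added example (not code from the question or either answer), this sketch handles the new-artist submission with PDO bound parameters for both the INSERT and the SELECT, and escapes the name when it is written into the `<option>`. It assumes an in-memory SQLite database in place of the MySQL `artist` table; the helper names `addArtist` and `artistOption` and the sample input are constructed for illustration.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL `artist` table.
$DBH = new PDO('sqlite::memory:');
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DBH->exec('CREATE TABLE artist (
    artist_id  INTEGER PRIMARY KEY AUTOINCREMENT,
    artist     TEXT NOT NULL,
    artist_url TEXT)');

// Constructed sample input standing in for $_POST; the name contains an apostrophe.
$post = [
    'addartist'  => 'Submit New Artist',
    'newartist'  => "Georgia O'Keeffe",
    'artist_url' => 'http://example.com/okeeffe',
];

// Hypothetical helper: insert the artist with bound parameters.
function addArtist(PDO $dbh, array $post): ?int
{
    $name = trim($post['newartist'] ?? '');
    if (!isset($post['addartist']) || $name === '') {
        return null; // nothing submitted
    }
    // artist_id is left out so the database assigns it.
    $stmt = $dbh->prepare(
        'INSERT INTO artist (artist, artist_url) VALUES (:artist, :url)');
    $stmt->execute([':artist' => $name, ':url' => $post['artist_url'] ?? null]);
    return (int) $dbh->lastInsertId();
}

// Hypothetical helper: look the artist up and build the <option> safely.
function artistOption(PDO $dbh, string $name): string
{
    $stmt = $dbh->prepare(
        'SELECT artist_id, artist FROM artist WHERE artist = :artist');
    $stmt->execute([':artist' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<option value="2" selected="selected">Unknown-Artist</option>';
    }
    // Escape on output so a stored name cannot inject markup.
    return sprintf('<option value="%d" selected="selected">%s</option>',
        $row['artist_id'], htmlspecialchars($row['artist'], ENT_QUOTES, 'UTF-8'));
}

// INSERT first, then SELECT, so the lookup sees the row added in this request.
addArtist($DBH, $post);
echo artistOption($DBH, trim($post['newartist'])), PHP_EOL;
```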