这是我的代码:
<?php $txtCommentor = $_POST['txtCommentor'] //from form?>
<?php $txtComment = $_POST['txtComment'] //from form?>
<?php $jobno = $_GET['jobno'] //from URL?>
<?php
//Query and connect
$query = "INSERT INTO delivery_comments (commentor, comment, jobno) VALUES ($txtCommentor,$txtComment, $jobno) ";?>
<?php $results = sqlsrv_query($conn, $query);?>
<?php echo $query?>
<?php
if( $results === false ) {
die( print_r( sqlsrv_errors(), true));
}
?>
当我运行页面时,我得到了以下结果:
INSERT INTO delivery_comments (commentor, comment, jobno)
VALUES (frontdesk,bvhjfhj, 85450)
然后我收到错误:
Array ( [0] => Array ( [0] => 42S22 [SQLSTATE] => 42S22 [1] => 207 [code] => 207 [2] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Invalid column name 'frontdesk'. [message] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Invalid column name 'frontdesk'. ) [1] => Array ( [0] => 42S22 [SQLSTATE] => 42S22 [1] => 207 [code] => 207 [2] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Invalid column name 'bvhjfhj'. [message] => [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Invalid column name 'bvhjfhj'. ) )
请注意,echoed insert语句是第一个。这是对的。然后剩下的错误告诉我要插入的数据是一个无效的列名。这没有任何意义。该信息不应该是列名,而是插入到列中的数据。
答案 0 :(得分:1)
<?php $txtCommentor = $_POST['txtCommentor'] //from form?>
<?php $txtComment = $_POST['txtComment'] //from form?>
<?php $jobno = $_GET['jobno'] //from URL?>
<?php
$params = array( $txtCommentor, $txtComment, $jobno);
//Query and connect
$query = "INSERT INTO delivery_comments (commentor, comment, jobno) VALUES (?,?,?) ";?>
<?php $results = sqlsrv_query($conn, $query,$params);?>
以上是您查询的已清理版本。
你应该取得更大的成功
答案 1 :(得分:0)
这是我最终使用的:
$query = "INSERT INTO delivery_comments (commentor, comment, jobno) VALUES ('$txtCommentor','$txtComment', '$jobno') ";