I have a form here:
<form action="includes/Payment.inc.php" method="get" class="px-4 py-4" >
  <div class="form-group">
    <div class="d-inline py-1"><h5>Payment Type</h5></div>
    <select class="bg-white text-dark" name="payment_type">
      <option value="Type">Type</option>
      <option value="Food">Food</option>
      <option value="House-Rent">House-Rent</option>
      <option value="Other">Other</option>
    </select>
    <h5 class="py-1">Amount of Money</h5>
    <div class="input-group">
      <span class="input-group-addon">$</span>
      <input type="text" class="form-control" name="amount" aria-label="Text input with checkbox">
      <span class="input-group-addon">JPY</span>
    </div>
    <h5 class="py-1">Detail</h5>
    <textarea placeholder="Enter The Detail in here" name="detail"></textarea><br>
    <label><h5 class="py-1">Date: </h5></label>
    <input type="date" name="date"><br>
    <button type="submit" name="submit" class="btn btn-primary m-4 border rounded">Submit</button>
  </div>
</form>
When it is clicked, it should simply put all the information into the database, using the following PHP code:
<?php
if (isset($_GET['submit'])) {
    include_once 'dbh.inc.php';
    // Key matches the form's <select name="payment_type"> field
    $payment_type = $_GET['payment_type'];
    $amount_money = filter_input(INPUT_GET, 'amount', FILTER_SANITIZE_NUMBER_INT);
    $detail = filter_input(INPUT_GET, 'detail', FILTER_SANITIZE_STRING);
    $date = $_GET['date'];
    if (empty($amount_money)) {
        header('Location: ../Data.php?money_empty');
        exit();
    }
    else {
        // The parameter markers are wrapped in single quotes here (as posted)
        $sql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
                VALUES (':payment_type',':amount',':detail',':payment_date')";
        $result = $conn->prepare($sql);
        $result->bindParam(':payment_type', $payment_type, PDO::PARAM_STR);
        $result->bindParam(':amount', $amount_money, PDO::PARAM_INT);
        $result->bindParam(':detail', $detail, PDO::PARAM_STR);
        $result->bindParam(':payment_date', $date, PDO::PARAM_STR);
        $result->execute();
        header("Location: ../Data.php?payment_success");
        exit();
    }
}
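Then, when I test the form, the execution completes, but when I check the "payment" table, this is what I get:
Answer 0 (score: 2)
In your code, you are using '' to wrap the string parts of the insert parameters, which is not needed with PDO. Use the following instead...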
<?php
if (isset($_GET['submit'])) {
    include_once 'dbh.inc.php';
    // Key matches the form's <select name="payment_type"> field
    $payment_type = $_GET['payment_type'];
    $amount_money = filter_input(INPUT_GET, 'amount', FILTER_SANITIZE_NUMBER_INT);
    // Note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1
    $detail = filter_input(INPUT_GET, 'detail', FILTER_SANITIZE_STRING);
    $date = $_GET['date'];
    if (empty($amount_money)) {
        header('Location: ../Data.php?money_empty');
        exit();
    }
    else {
        // Unquoted markers: PDO treats them as placeholders and binds the values
        $sql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
                VALUES (:payment_type,:amount,:detail,:payment_date)";
        $result = $conn->prepare($sql);
        $result->bindParam(':payment_type', $payment_type, PDO::PARAM_STR);
        $result->bindParam(':amount', $amount_money, PDO::PARAM_INT);
        $result->bindParam(':detail', $detail, PDO::PARAM_STR);
        $result->bindParam(':payment_date', $date, PDO::PARAM_STR);
        $result->execute();
        header("Location: ../Data.php?payment_success");
        exit();
    }
}
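Answer 1 (score: 1)
You are quoting the parameter markers, e.g. ':payment_type', which makes them look like plain strings to PDO, so those strings are what shows up in the DB. As the docs show, you should not quote them: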
$sql = "INSERT INTO payment(payment_type,amount,detail,payment_date)
VALUES (:payment_type, :amount, :detail, :payment_date)";
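
Added example (not code from the question or from either answer): a small lint check that flags quoted named markers in a SQL string, next to an insert routine that validates the form's fields before binding them through unquoted placeholders. The function names `quotedPlaceholders` and `insertPayment`, the in-memory SQLite connection standing in for `$conn`, and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Lint helper: named markers wrapped in quotes are string literals to the
// database, so they get stored verbatim instead of being bound.
function quotedPlaceholders(string $sql): array
{
    preg_match_all('/([\'"])(:[A-Za-z_]\w*)\1/', $sql, $m);
    return $m[2];
}

// Validate the form fields, then insert them through unquoted placeholders.
function insertPayment(PDO $conn, array $in): bool
{
    $str    = fn(string $k): string => is_string($in[$k] ?? null) ? $in[$k] : '';
    $type   = $str('payment_type');
    $amount = filter_var($str('amount'), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $date   = DateTime::createFromFormat('!Y-m-d', $str('date'));
    // Assumption: "Type" is only the prompt entry of the <select>, so reject it.
    if (!in_array($type, ['Food', 'House-Rent', 'Other'], true)
        || $amount === false
        || $date === false || $date->format('Y-m-d') !== $str('date')) {
        return false;
    }
    $stmt = $conn->prepare(
        'INSERT INTO payment(payment_type,amount,detail,payment_date)
         VALUES (:payment_type,:amount,:detail,:payment_date)'
    );
    return $stmt->execute([
        ':payment_type' => $type,
        ':amount'       => $amount,
        ':detail'       => $str('detail'),   // stored as typed; escape when rendering
        ':payment_date' => $str('date'),
    ]);
}

// Constructed demo data; in-memory SQLite stands in for the page's $conn.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE payment(payment_type TEXT, amount INTEGER, detail TEXT, payment_date TEXT)');

// The quoted VALUES clause from the question: every marker is flagged.
print_r(quotedPlaceholders("VALUES (':payment_type',':amount',':detail',':payment_date')"));
var_dump(insertPayment($conn, ['payment_type' => 'Food', 'amount' => '1200',
    'detail' => "lunch at Joe's", 'date' => '2018-03-01']));   // input that passes validation
var_dump(insertPayment($conn, ['payment_type' => 'Type', 'amount' => 'abc',
    'date' => '2018-02-31']));                                 // input that fails validation
print_r($conn->query('SELECT * FROM payment')->fetchAll(PDO::FETCH_ASSOC));
```

Because the values travel as bound parameters, the apostrophe in the sample detail text needs no manual escaping in the SQL.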