我获取今天当前年的年和月,并且在我的文本框中显示正确的值。但是,当我开始将其提交到数据库时,默认情况下该值为2014,而不是文本框的值。似乎是什么问题?
function YearMonth() {
var d = new Date();
var n = d.getFullYear();
var t = d.getUTCMonth()+1;
var x = n + "-" + t ;
document.getElementById("num").value = x;
} <td><input type="text" id="num" name="num"></td></tr>
<input type= "button" name= "button_go" onclick="YearMonth()" id= "button_go" value= "GO" />
<input type= "submit" name= "submit" id= "submit_form" value= "Submit" />
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "_db";
$connection = new mysqli($servername, $username, $password, $dbname);
if ($connection->connect_error) {
die("Connection failed: " . $connection->connect_error);
}
$count = $_POST['num'];
$sql = "INSERT INTO table (no)
VALUES ($count)";
if ($connection->query($sql) === TRUE)
{
}
else
{
echo "Error: " . $sql . "<br>" . $connection->error;
}
答案 0 :(得分:3)
您的问题出在您的2 nextPositionalParameters, CommandParameterInternal argument, ParameterBindingFlags flags, ParameterBindingException& bindingException) at System.Management.Automation.ParameterBinderController.BindPositionalParameters(Collection查询中:
1 arguments) at System.Management.Automation.CmdletParameterBinderController.BindCommandLineParameters(Collection因为您没有引用INSERT,所以它翻译为
$sql = "INSERT INTO table (no) VALUES ($count)";
然后MySQL转换为
$count在INSERT INTO table (no) VALUES (2019-5)
周围加上引号可以暂时解决您的问题:
INSERT INTO table (no) VALUES (2014)
但是您应该真正切换到准备好的语句,以避免SQL注入风险。像这样:
$count如果您最初使用的是准备好的语句,那么您一开始就不会遇到这个问题。