php / mysql错误：无法使用PDO执行INSERT INTO

Question

我是PHP / MySQL的新手，正试图通过表单将数据插入表中，但是我一直这样：

成功连接错误：无法执行INSERT INTO foo（名字，姓氏，座机，移动电话）VALUES（”，”，“，”）。

我有限的理解告诉我，我的连接成功，但是桌上什么都没有。检查表可以确认这一点。

我正在尝试将数据从PHP 7.1 WHMCS服务器发送到运行MySQL 5.1.73的远程主机。我从WHMCS中提取了一个用户ID，并用这个想法预填充了该字段，以将其与表单数据的其余部分一起发送。我将该字段设置为“隐藏”和“文本”，但是没有运气。

我什至将表格复制/粘贴到单独的html并尝试在根目录下运行所有​​内容。没有骰子。

我以this example作为指导。

我已经盯着这个看了好几个小时，看不到我要去哪里。我将不胜感激。

form.tpl：

<form method="post" action="includes/action.php">
User ID:<input type ="text" name = "userid" value={$d} readonly> //pulls userID from WHMCS
First name:<input type="text" name="firstname">
Last name:<input type="text" name="lastname">
Landline:<input type="text" name="landline">
Mobile:<input type="text" name="mobile">
<input type="submit" value="Submit"></form>

dbconnect.php：

$servername = "fqdn.com";
$username = "few";
$password = "2many";

try {
    $conn = new PDO("mysql:host=$servername;dbname=data_base", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    echo "Connected successfully";
    }
catch(PDOException $e)
    {
    echo "Connection failed: " . $e->getMessage();
    }

action.php：

//Open MySql Connection
include "dbconnect.php";

// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO foo (userid, firstname, lastname, landline, mobile) VALUES (:userid, :firstname, :lastname, :landline, :mobile)");
$stmt->bindParam(':userid', $userid);
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->bindParam(':landline', $landline);
$stmt->bindParam(':mobile', $mobile);

// insert a row
$userid = $_POST["userid"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$landline = $_POST["landline"];
$mobile = $_POST["mobile"];
$stmt->execute();


    echo "New records created successfully";
} catch(PDOException $e)
    {
        echo "Error: " . $e->getMessage();
    }

if (!$stmt) {
    echo "\nPDO::errorInfo():\n";
    print_r($dbh->errorInfo());
}

$conn = null;

Answer 1

在action.php中，您在设置变量之前正在使用变量。

// insert a row
$userid = $_POST["userid"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$landline = $_POST["landline"];
$mobile = $_POST["mobile"];

// prepare sql and bind parameters
$stmt = $conn->prepare("INSERT INTO foo (id, firstname, lastname, landline, mobile) VALUES (:userid, :firstname, :lastname, :landline, :mobile)");
$stmt->bindParam(':userid', $userid);
$stmt->bindParam(':firstname', $firstname);
$stmt->bindParam(':lastname', $lastname);
$stmt->bindParam(':landline', $landline);
$stmt->bindParam(':mobile', $mobile);
$stmt->execute(); 

Answer 2

很抱歉延迟。这是解决方案。

action.php：

public function insertToDb($data)
    {
        try{
           $sql = "INSERT INTO table_name (column1, column2) VALUES ('" . $data['column1']."','" .  $data['column2']."')";
            $this->con->exec($sql);
           if($this->con->lastInsertId() > 0){
                return true;
            } else {
                return "Error: " . $sql . "<br>" . $conn->error;
            }
        } catch (\PDOException $e) {
            return "Insert failed: " . $e->getMessage();
        }
    }

    public function getSingleData($d,$c)
    {
        try{
           $sql = "SELECT * FROM table_name  WHERE d='".$d."' AND c='".$c."'";
           $query = $this->con->prepare($sql);
           $query->execute();
           return $query->fetchAll(\PDO::FETCH_ASSOC);
        } catch (\PDOException $e) {
            return "Error: " . $e->getMessage();
        }
    }

编辑：@halfer感谢您指出漏洞。

public function insertToDb($data)
    {
        try{
            $insertdata = [
                'column1' => $data['column1'],
                'column2' => $data['column2'],
                'column3' => $data['column3'],
            ];
           $sql = "INSERT INTO table_name (column1, column2,column3) VALUES (:column1,:column2,:column3)";
           $stmt= $this->con->prepare($sql);
           $stmt->execute($insertdata);
           if($this->con->lastInsertId() > 0){
                return true;
            } else {
                return "Error: " . $sql . "<br>" . $conn->error;
            }
        } catch (\PDOException $e) {
            return "Insert failed: " . $e->getMessage();
        }
    }