一直试图调试这几个小时没有结果。请帮忙。 环境:PHP5.3与MSSQL2005 / 8与PHP的MSSQL驱动程序交谈 SQL查询:
INSERT INTO [dbo].[Enquiry] ([FullName], [FirstName], [Surname], [ContactPhone],
[WorkPhone], [ContactMobile], [EmailAddress], [Callwhen], [LoanType], [EnquiryDate],
[Suburb], [State], [PostCode], [HiddenField], [CFIssue01], [CFIssue02], [CFIssue03],
[CFIssue04], [ProductID]) VALUES ('asdf asdf','asdf','asdf','03 12312312','02 12312312',
'','','10:12 AM 02/08/11','CF','2011-08-02 10:12:45',
'asdf','NSW','1231','245678','asdfasdf1222','','','','CF')
如果我使用sqlsrv_query()运行此查询并且效果很好。
为了防止SQL注入,我更喜欢使用预准备语句sqlsrv_prepare()和sqlsrv_execute()。
要做好准备好的陈述,我有:
INSERT INTO [dbo].[Enquiry] ([FullName], [FirstName], [Surname], [ContactPhone],
[WorkPhone], [ContactMobile], [EmailAddress], [Callwhen], [LoanType], [EnquiryDate],
[Suburb], [State], [PostCode], [HiddenField], [CFIssue01], [CFIssue02], [CFIssue03],
[CFIssue04], [ProductID]) VALUES "(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,)"
然后我有了参数:
$params = array( &$mm_fullname, &$mm_firstname, &$mm_surname, &$mm_contactphone,
&$mm_workphone, &$mm_contactmobile, &$mm_emailaddress, &$mm_callwhen, &$mm_loantype,
&$mm_enquirydate, &$mm_suburb, &$mm_state, &$mm_postcode, &$mm_hiddenfield,
&$mm_cfissue01, &$mm_cfissue02, &$mm_cfissue03, &$mm_cfissue04, &$mm_productid );
然后准备声明:
$stmt = sqlsrv_prepare( $conn, $tsql, $params))
然后运行语句:
sqlsrv_execute( $stmt) .........禁令!错误在这里:
[0] => HY104
[SQLSTATE] => HY104
[1] => 0
[code] => 0
[2] => [Microsoft][SQL Server Native Client 10.0]Invalid precision value
[message] => [Microsoft][SQL Server Native Client 10.0]Invalid precision value
不确定我做错了什么..
更新#1:将所有参数转换为字符串 - 同样的错误:
/* Assign parameter values. */
$mm_fullname = strval($firstname . " " . $lastname);
$mm_firstname = strval($firstname);
$mm_surname = strval($lastname);
$mm_contactphone = strval($homenumber);
$mm_workphone = strval($worknumber);
$mm_contactmobile = strval($mobilenumber);
$mm_emailaddress = strval($email);
$mm_callwhen = strval(date('h:i A d/m/y'));
$mm_loantype = strval("CF");
$mm_enquirydate = strval(date('Y-m-d H:i:s'));
$mm_suburb = strval($suburb);
$mm_state = strval($state);
$mm_postcode = strval($postcode);
$mm_hiddenfield = strval("245678");
$mm_cfissue01 = strval($creditissue1);
$mm_cfissue02 = strval($creditissue2);
$mm_cfissue03 = strval($creditissue3);
$mm_cfissue04 = strval($creditissue4);
$mm_productid = strval("CF");
$params = array( &$mm_fullname,
&$mm_firstname,
&$mm_surname,
&$mm_contactphone,
&$mm_workphone,
&$mm_contactmobile,
&$mm_emailaddress,
&$mm_callwhen,
&$mm_loantype,
&$mm_enquirydate,
&$mm_suburb,
&$mm_state,
&$mm_postcode,
&$mm_hiddenfield,
&$mm_cfissue01,
&$mm_cfissue02,
&$mm_cfissue03,
&$mm_cfissue04,
&$mm_productid );
答案 0 :(得分:2)
行。感谢Wrikken。你的意见有效!
从this page开始,我找到了如何为每个参数定义SQLSRV_SQLTYPE_ *。
现在,我更新了我的代码:
$params = array(
array(&$mm_fullname, null, null, SQLSRV_SQLTYPE_VARCHAR(200)),
array(&$mm_firstname, null, null, SQLSRV_SQLTYPE_VARCHAR(100)),
array(&$mm_surname, null, null, SQLSRV_SQLTYPE_VARCHAR(100)),
array(&$mm_contactphone, null, null, SQLSRV_SQLTYPE_VARCHAR(50)),
array(&$mm_workphone, null, null, SQLSRV_SQLTYPE_VARCHAR(50)),
array(&$mm_contactmobile, null, null, SQLSRV_SQLTYPE_VARCHAR(50)),
array(&$mm_emailaddress, null, null, SQLSRV_SQLTYPE_VARCHAR(150)),
array(&$mm_callwhen, null, null, SQLSRV_SQLTYPE_VARCHAR(50)),
array(&$mm_loantype, null, null, SQLSRV_SQLTYPE_VARCHAR(50)),
array(&$mm_enquirydate, null, null, SQLSRV_SQLTYPE_DATETIME),
array(&$mm_suburb, null, null, SQLSRV_SQLTYPE_VARCHAR(100)),
array(&$mm_state, null, null, SQLSRV_SQLTYPE_VARCHAR(50)),
array(&$mm_postcode, null, null, SQLSRV_SQLTYPE_VARCHAR(20)),
array(&$mm_hiddenfield, null, null, SQLSRV_SQLTYPE_VARCHAR(2000)),
array(&$mm_cfissue01, null, null, SQLSRV_SQLTYPE_VARCHAR(2000)),
array(&$mm_cfissue02, null, null, SQLSRV_SQLTYPE_VARCHAR(2000)),
array(&$mm_cfissue03, null, null, SQLSRV_SQLTYPE_VARCHAR(2000)),
array(&$mm_cfissue04, null, null, SQLSRV_SQLTYPE_VARCHAR(2000)),
array(&$mm_productid, null, null, SQLSRV_SQLTYPE_VARCHAR(50))
);
它没有任何错误,效果很好!