1.Php代码如下,我没有自动递增字段完整错误描述
错误:无法执行INSERT INTO employee(emp_name,rate,ifsc_code、acc_num、acc_holder_name)值('','',''、'','')。第1行的列"rate"的整数值"不正确
<?php
include_once('connectdb.php');
$emp_name = mysqli_real_escape_string($link, $_REQUEST['emp_name']);
$rate = mysqli_real_escape_string($link, $_REQUEST['rate']);
$ifsc_code = mysqli_real_escape_string($link, $_REQUEST['ifsc_code']);
$acc_num = mysqli_real_escape_string($link, $_REQUEST['acc_num']);
$acc_holder_name = mysqli_real_escape_string($link, $_REQUEST['acc_holder_name']);
$sql = "INSERT INTO employee( emp_name,
rate,
ifsc_code,
acc_num,
acc_holder_name)
VALUES ( '$emp_name',
'$rate',
'$ifsc_code',
'$acc_num',
'$acc_holder_name')";
if(mysqli_query($link, $sql)){
//echo "<script type='text/javascript'>alert('Commodity added to inventory')</script>";
echo "<meta http-equiv='refresh' content='0;url=insert_emp_details.php'>";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
根据我的评论,您应该将$rate转换为整数或删除像这样的'
单引号
$sql = "INSERT INTO employee( emp_name,
rate,
ifsc_code,
acc_num,
acc_holder_name)
VALUES ( '$emp_name',
$rate,
'$ifsc_code',
'$acc_num',
'$acc_holder_name')";
或
你可以像这个$rate= (int)$rate;
一样转换成整数
同时使用具有绑定参数功能的pdo
防止sql
注入
如上所述,原始代码可能容易受到SQL注入的攻击,因此建议使用prepared statement
来帮助降低风险。
不过,你发布的错误消息让我担心——似乎所有值都是空的。。。是这样吗?在尝试sql操作之前,您应该检查这些变量是否存在。
<?php
include_once('connectdb.php');
try{
$sql='insert into `employee` ( `emp_name`, `rate`, `ifsc_code`, `acc_num`, `acc_holder_name` ) values (?,?,?,?,?);';
/* field names expected in REQUEST array and associated data type for filtering */
$args=array(
'emp_name' => FILTER_SANITIZE_STRING,
'rate' => FILTER_SANITIZE_NUMBER_INT, /* assumed that rate is an integer */
'ifsc_code' => FILTER_SANITIZE_STRING,
'acc_num' => FILTER_SANITIZE_NUMBER_INT, /* assumed that acc_num is an integer ?? */
'acc_holder_name' => FILTER_SANITIZE_STRING
);
/* filter REQUEST array using above arguments */
filter_input_array( INPUT_REQUEST, $args );
/* extract variables */
extract( $_REQUEST );
/* If all the variables were extracted correctly after filtering - proceed */
if( $emp_name && $rate && $ifsc_code && $acc_num && $acc_holder_name ){
/* if the filter failed this will probably never be called but... */
if( !is_integer( $rate ) ) throw new Exception('rate is not an integer');
/* create a prepared statement */
$stmt=$link->prepare( $sql );
/* If the query failed for some reason - abandon ship */
if( !$stmt )throw new Exception( sprintf( 'error preparing sql query: %s', $stmt->error ) );
/* assumed that rate and acc_num is an integer ?? */
$stmt->bind_param( 'sisis', $emp_name, $rate, $ifsc_code, $acc_num, $acc_holder_name );
/* execute the query */
$result = $stmt->execute();
if( $result ){
echo "Success";
} else {
throw new Exception( sprintf( "Bogus! %s", $stmt->error ) );
}
} else {
throw new Exception( 'an error occurred extracting one or more variables - check "$args" array!' );
}
} catch( Exception $e ){
exit( $e->getMessage() );
}
?>