PHP和MySql-如何使这个插入查询工作?
这是我的代码:PHP和MySql-如何使这个插入查询工作?,php,mysql,Php,Mysql,这是我的代码: public function cadastrar(Family $family){ var_dump($family); //just to verify $objDb = new db_con(); $conn = $objDb->getConn(); //REGISTER FAMILY INTO DATABASE $sql = "insert into family(family_
public function cadastrar(Family $family){
var_dump($family); //just to verify
$objDb = new db_con();
$conn = $objDb->getConn();
//REGISTER FAMILY INTO DATABASE
$sql = "insert into family(family_declaracao_renda,
familia_renda_mensal,
family_assinatura_local,
family_assinatura_dia,
family_assinatura_mes,
family_assinatura_ano,
family_deficiente_presente,
family_adaptacao_necessaria_imovel)
values( '$family->getDeclaracaoRendaFamiliar()',
'$family->getRendaBrutaMensal()',
'$family->getAssinaturaLocal()',
'$family->getAssinaturaDia()',
'$family->getAssinaturaMes()',
'$family->getAssinaturaAno()',
'$family->getDeficientePresente()',
'$family->getAdaptacaoImovelNecessaria()')";
//Executar query
if (mysqli_query($conn, $sql)){
echo 'SUCCESS!';
} else {
echo 'ERROR!';
}
}
所以我知道你可以把变量放在'variable1','variable2'之间。我正在从此对象调用类方法,我缺少什么?准备查询,这是保护数据库免受SQLInjection类型攻击的最佳方法。它还处理许多引用问题和其他事情
$sql = 'INSERT INTO family(
family_declaracao_renda,
familia_renda_mensal,
family_assinatura_local,
family_assinatura_dia,
family_assinatura_mes,
family_assinatura_ano,
family_deficiente_presente,
family_adaptacao_necessaria_imovel
)VALUES(
?,
?,
?,
?,
?,
?,
?,
?
)';
$stmt = mysqli_stmt_init($link);
mysqli_stmt_prepare($stmt, $sql);
mysqli_stmt_bind_param(
$stmt,
'ssssssss', //must be the same as number of argments, types s=string, i=int, d=double/float, b=blob
$family->getDeclaracaoRendaFamiliar(),
$family->getRendaBrutaMensal(),
$family->getAssinaturaLocal(),
$family->getAssinaturaDia(),
$family->getAssinaturaMes(),
$family->getAssinaturaAno(),
$family->getDeficientePresente(),
$family->getAdaptacaoImovelNecessaria()
);
//Executar query
if (mysqli_stmt_execute($stmt)){
echo 'SUCCESS!';
} else {
echo 'ERROR!';
}
这并不难,即使MySqli过程接口是垃圾。考虑使用面向对象的接口,或者切换到PDO我的首选。MySqli的OOP接口稍微简单一点,但我不会仅仅为了篇幅的缘故而讨论它。您可以在PHP.net上查找它,或者我确信那里有一些教程
一句警告的话,我已经好几年没有使用MySqli了,可能是6-8,程序风格甚至更长。所以我不能保证它会像我这里的一样工作。事实上,我认为我从来没有使用过MySqli的程序风格。当我离开mysql时,我可以做准备好的语句是在PHP5.3 2010ish的中期运行,大概是在我完成web设计学院一年后,我开始在代码中使用OOP类和对象。所以我刚才从PHP.net复制的大部分mysqli代码
在PDO中:
$sql = 'INSERT INTO family(
family_declaracao_renda,
familia_renda_mensal,
family_assinatura_local,
family_assinatura_dia,
family_assinatura_mes,
family_assinatura_ano,
family_deficiente_presente,
family_adaptacao_necessaria_imovel
)VALUES(
:family_declaracao_renda,
:familia_renda_mensal,
:family_assinatura_local,
:family_assinatura_dia,
:family_assinatura_mes,
:family_assinatura_ano,
:family_deficiente_presente,
:family_adaptacao_necessaria_imovel
)';
try{
$stmt = mysqli_stmt_init($link);
$Pdo->prepare($sql)->execute([
':family_declaracao_renda' => $family->getDeclaracaoRendaFamiliar(),
':familia_renda_mensal' => $family->getRendaBrutaMensal(),
':family_assinatura_local' => $family->getAssinaturaLocal(),
':family_assinatura_dia' => $family->getAssinaturaDia(),
':family_assinatura_mes' => $family->getAssinaturaMes(),
':family_assinatura_ano' => $family->getAssinaturaAno(),
':family_deficiente_presente' => $family->getDeficientePresente(),
':family_adaptacao_necessaria_imovel'=> $family->getAdaptacaoImovelNecessaria(),
]);
}catch(PDOException $e){
echo "PDOException[{$e->getCode()}] {$e->getMessage()} in {$e->getFile()} on {$e->getLine()}";
}
在PDO中,您可以使用命名的占位符:name而不是?当MySqli使用时,您仍然可以使用?在PDO中。我通常做的是复制字段名,并将:添加到它们的前面。命名占位符可以轻松跟踪值的去向,执行中使用的数据数组的顺序甚至无关紧要。正如您所看到的,mysqli版本大约需要4次调用,PDO版本只需要2次,并且使用方法链接$PDO->prepare$sql->execute。。。您甚至不需要将它放在另一行或设置局部变量。这相当于:
//$Pdo->prepare($sql)->execute(...)
$stmt = $Pdo->prepare($sql); //returns PDOStatement
$stmt->execute(...); //makes a call on PDOStatement
因为$Pdo->prepare$sql在不需要该对象的情况下返回一个Pdo语句,所以我们可以调用->execute。。。链中上一个方法的返回值。我觉得我应该解释一下,因为你可能不习惯使用对象。但是,链接使代码保持整洁,没有多余的变量,这使得跟踪事情变得更容易,因为要跟踪的事情更少
简言之,在MySqli和PDO中都很容易做到这一点,但是PDO非常值得学习如何使用,因为它有许多优点。更好的接口、更好的获取方法、命名占位符、异常等
干杯 您不能在字符串“$family->GetDeclaracoRendaFamiliar”中调用函数,请使用点来连接或使用变量。请使用准备好的语句。您也可以使用{}这样的值“{$family->GetDeclaracoRendaFamiliar'}”@MadhawaPriyashantha-在错误的位置使用撇号“}应该是}”,这是我在插入方法调用时首选的语法。那时比较短。。对于其他人所说的OP,请准备好您的查询。@ArtisticPhoenix是的,我的错误,谢谢。请重新检查,OP的字段/值数是否正确=>8/8@JaswinderSingh-是的,你说得对,不知道我怎么错过了那一次,哈哈,我想我累了。无论如何,我修正了答案。我还搬了一些东西,清理了一些东西,雅达雅达。。。谢谢
$sql = 'INSERT INTO family(
family_declaracao_renda,
familia_renda_mensal,
family_assinatura_local,
family_assinatura_dia,
family_assinatura_mes,
family_assinatura_ano,
family_deficiente_presente,
family_adaptacao_necessaria_imovel
)VALUES(
:family_declaracao_renda,
:familia_renda_mensal,
:family_assinatura_local,
:family_assinatura_dia,
:family_assinatura_mes,
:family_assinatura_ano,
:family_deficiente_presente,
:family_adaptacao_necessaria_imovel
)';
try{
$stmt = mysqli_stmt_init($link);
$Pdo->prepare($sql)->execute([
':family_declaracao_renda' => $family->getDeclaracaoRendaFamiliar(),
':familia_renda_mensal' => $family->getRendaBrutaMensal(),
':family_assinatura_local' => $family->getAssinaturaLocal(),
':family_assinatura_dia' => $family->getAssinaturaDia(),
':family_assinatura_mes' => $family->getAssinaturaMes(),
':family_assinatura_ano' => $family->getAssinaturaAno(),
':family_deficiente_presente' => $family->getDeficientePresente(),
':family_adaptacao_necessaria_imovel'=> $family->getAdaptacaoImovelNecessaria(),
]);
}catch(PDOException $e){
echo "PDOException[{$e->getCode()}] {$e->getMessage()} in {$e->getFile()} on {$e->getLine()}";
}