PDO exec不想使用變量

Question

我在這裏做錯了什麼？我想可能exec的變量有問題，但我有一個simular命令在另一個地方工作。註釋部分返回int（1）作爲受影響的行，並且此代碼給我回以下錯誤。非常感謝你剛剛學習的建議。

"object(PDO)#2 (0) { } Array ([0] => 42000 [1] => 1064 [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'try, Wed, 06 Mar 2013 13:25:09 +0200)' at line 1) " 

代碼：

<?php 
class gbMsg { 
    private $_db; 
    private $dbc; 

    function __construct(){ 
     $this->dbc = parse_ini_file($_SERVER["DOCUMENT_ROOT"]."/lock/conect.ini"); 
     try{ 
      $this->_db = new PDO($this->dbc["conn"], $this->dbc["user"], $this->dbc["pass"]); 
     }catch(PDOException $e){ 
      echo $e->getMessage(); 
     } 
    } 

    function addPost($name, $msg){ 
     echo var_dump($this->_db); 
     $d = date("r"); 
     $stmt = $this->_db->exec("INSERT INTO gPosts (name, message, date) VALUES ($name,$msg, now())") 
     or die(print_r($this->_db->errorInfo(), true)); 
     echo var_dump($stmt); 
    } 
} 

# function addPost(){ 
#  echo var_dump($this->_db); 
#  $stmt = $this->_db->exec("INSERT INTO gPosts (name, message, date) VALUES ('Kirill','sec', now())"); 
#  echo var_dump($stmt); 
# } 
#} 

Answer 1

用戶參數化查詢是更好的，但是，要解決你的問題：

$stmt = $this->_db->exec("INSERT INTO gPosts (name, message, date) 
VALUES (\"$name\",\"$msg\", now())") 

你忘了引號...

你可以閱讀更多關於參數化查詢和預處理語句：http://php.net/manual/en/pdo.prepared-statements.php

Answer 2

我想下面的東西也應該工作。恕我直言，這看起來很多更乾淨比mysql_ *風格轉義雙引號

$stmt = $this->_db->exec("INSERT INTO gPosts (name, message, date) 
VALUES ('$name','$msg', now())")