PHP存儲過程添加錯誤

Question

我想數據與存儲過程添加到我的桌子，但我有此錯誤：

Gönder Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Teknoloji,V,,1)' at line 1' in C:\xampp\htdocs\berat\isyerikayit.php:142 Stack trace: #0 C:\xampp\htdocs\berat\isyerikayit.php(142): PDO->query('CALL isyerikayi...', 2) #1 {main} thrown in C:\xampp\htdocs\berat\isyerikayit.php on line 142

<?php 
     if (isset($_POST['gonder'])) 
    { 
     $adi = $_POST["adi"]; 
     $calismaturu = $_POST["calismaturu"]; 
     $iscigucu = $_POST["iscigucu"]; 
     $hizmetturu = $_POST["hizmetturu"]; 
     $butce = $_POST["butce"]; 
     if($calismaturu == 'V') 
      { 
       $sorgu= $db->query("CALL isyerikayitV($adi,$calismaturu,$iscigucu,$hizmetturu)",PDO::FETCH_ASSOC); 

       echo '<script>alert("Hizmet Veren Firma Eklendi.");</script>'; 
      } 
     else 
      { 
       $sorgu= $db->query("CALL isyerikayitE($adi,$calismaturu,$butce)",PDO::FETCH_ASSOC); 

       echo '<script>alert("Hizmet Edilen Firma Eklendi.");</script>'; 
      } 


    } 
    ?> 

我isyerikayitE()和isyerikayitV程序7.

Answer 1

看來$iscigucu爲空：

「對應於您的MariaDB的服務器版本使用附近的‘TEKNOLOJI，V ,, 1）’正確的語法」

和所有字符串變量是缺少報價：

迅速解決是這樣做的：

$iscigucu = empty($_POST["iscigucu"]) ? "''" : "'".$_POST["iscigucu"]."'"; 

對於它們中的每一個。

或

$iscigucu = "'".$iscigucu."'" 

但要解決這個問題的正確方法是使用準備好的語句：

$call = mysqli_prepare($mysqli, 'CALL test_proc(?, ?, ?, ?)'); 
mysqli_stmt_bind_param($call, 'ssss', $adi,$calismaturu,$iscigucu,$hizmetturu); 
mysqli_stmt_execute($call); 

看看：http://php.net/manual/en/mysqli-stmt.bind-param.php