2013-10-30 81 views
0

I have a problem with MySQL and I really don't know what is going on. I know it has something to do with my syntax, but not entirely. Why is my MySQL INSERT statement returning an error? PDOException SQLSTATE[42000]:

if (isset($_POST['newBtn'])) {
    // $dbh (the PDO connection) and $admin (the logged-in user name) are set elsewhere in the original script
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $title = $_POST['title'];
    $smalldesc = $_POST['smalldesc'];
    $fulldesc = $_POST['fulldesc'];
    // username = $admin
    // date = current time as a Unix timestamp
    date_default_timezone_set('UTC');
    $date = new DateTime();
    $date = $date->getTimestamp();
    // Check that everything has values and something has been changed
    // (the original post had a placeholder string here, which is always true; this is the check the comment describes)
    if ($title === '' || $smalldesc === '' || $fulldesc === '') {
        echo "<div class='alert alert-warning'>You submitted blank data somewhere, or did not change any data from its default.</div>";
    } else {
        // The form values are interpolated into the SQL text unquoted and unescaped, so every comma,
        // space or apostrophe in the data is parsed as SQL; that is what produces the 1064 error below
        $sqladd = "INSERT INTO theories(theory_name,small_desc,full_desc,author,create_date) VALUES ($title,$smalldesc,$fulldesc,$admin,$date)";
        try {
            $sth = $dbh->query($sqladd);
            echo "<div class='alert alert-success'><b>Success!</b> You have created a new theory that is available for viewing to the public.</div>";
        } catch (PDOException $e) { // the original post misspelt this as PDOExecption, so the exception was never caught
            echo "<div class='alert alert-error'><b>Error!</b> Could not add to database.<br />" . $e->getMessage() . "</div>";
        }
    }
}

and I get this error:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Form,I shouldn't be having this much of an issue with php.,I really hate when PH' at line 1' in /srv/http/mt-chillad/users/admin-theories.php:42
Stack trace:
#0 /srv/http/mt-chillad/users/admin-theories.php(42): PDOStatement->execute()
#1 {main}
thrown in /srv/http/mt-chillad/users/admin-theories.php on line 42
+3

Quoting from your error message: "1064 You have an error in your SQL syntax;". Echo the final version of the query before executing it and look for any obvious errors. – 2013-10-30 02:44:24

+0

Using PDO does not mean you are safe from SQL injection; your code is still vulnerable, you need to use prepared statements –

Answer

1

Yikes, use parameter binding

try {
    $stmt = $dbh->prepare('INSERT INTO theories(theory_name,small_desc,full_desc,author,create_date) VALUES (?, ?, ?, ?, ?)');
    $stmt->execute([$title, $smalldesc, $fulldesc, $admin, $date]);

    // and so on
} catch (PDOException $e) {
    echo "<div class='alert alert-error'><b>Error!</b> Could not add to database.<br />" . $e->getMessage() . "</div>";
}

The error occurs because you are inserting unsanitised and unquoted values directly into your query.

Further reading

+0

No warning about SQL injection :-O Although your method is safe and is exactly what needs to be done +1 –

+0

Thanks, I just realised what I had done and it set off some alarm bells. Not sure why I didn't see it before. – MineSQL

+1

@NullPoiиteяღ I'm tired of SQL injection reminders. It's like reminding people not to use the MySQL extension – Phil
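The following is an added example, not code from the question or the answer above. It reproduces the three stages of this thread in Python against an in-memory SQLite table (an assumption made so it runs offline; the page's database is MariaDB via PDO, but the parsing behaviour is the same): the post's unquoted interpolation, which fails to parse just as the 1064 error shows; the usual "fix" of wrapping each value in quotes by hand, which still breaks on an apostrophe in the data and, worse, lets a crafted value rewrite the statement; and parameter binding with `?` placeholders, the same mechanism as PDO `prepare()`/`execute()` in the answer. The `theories` table matches the column list in the post; the sample row and the attacker row are constructed for this example.

```python
import sqlite3

# Constructed sample row mirroring the shape of the text MariaDB choked on:
# commas and an apostrophe inside the form values.
SAMPLE_ROW = {
    "title": "Form",
    "smalldesc": "I shouldn't be having this much of an issue with php.",
    "fulldesc": "I really hate when PHP does this.",
    "author": "admin",
    "create_date": 1383100000,
}

# Constructed attacker input for the hand-quoted variant: the apostrophe closes the
# title literal and the rest of the value becomes a second VALUES tuple, so one form
# submission inserts two rows, one of them authored by "attacker".
INJECTED_ROW = {
    "title": "x','','','attacker',0),('pwned",
    "smalldesc": "a",
    "fulldesc": "b",
    "author": "admin",
    "create_date": 1,
}

COLUMNS = "theory_name,small_desc,full_desc,author,create_date"


def fresh_db():
    """In-memory stand-in for the post's `theories` table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE theories (theory_name TEXT, small_desc TEXT, "
        "full_desc TEXT, author TEXT, create_date INTEGER)"
    )
    return conn


def insert_unquoted(conn, row):
    """The post's original approach: values pasted into the SQL text with no quoting.
    Returns the database error message, or None if the INSERT succeeded."""
    sql = (f"INSERT INTO theories({COLUMNS}) VALUES ({row['title']},{row['smalldesc']},"
           f"{row['fulldesc']},{row['author']},{row['create_date']})")
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.Error as e:
        return str(e)  # syntax error: the data was parsed as SQL


def insert_hand_quoted(conn, row):
    """Wrapping each value in single quotes by hand. Still string interpolation:
    an apostrophe in the data breaks the statement, and a crafted value rewrites it.
    Returns the database error message, or None if the INSERT succeeded."""
    sql = (f"INSERT INTO theories({COLUMNS}) VALUES ('{row['title']}','{row['smalldesc']}',"
           f"'{row['fulldesc']}','{row['author']}',{row['create_date']})")
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.Error as e:
        return str(e)


def insert_bound(conn, row):
    """Parameter binding, as in the answer's prepare()/execute(): the SQL text is fixed
    and the values travel separately, so they are stored verbatim and never parsed as SQL."""
    conn.execute(
        f"INSERT INTO theories({COLUMNS}) VALUES (?, ?, ?, ?, ?)",
        (row["title"], row["smalldesc"], row["fulldesc"], row["author"], row["create_date"]),
    )
    conn.commit()
    return None


def stored_rows(conn):
    """(theory_name, author) for every row, in insertion order."""
    return conn.execute("SELECT theory_name, author FROM theories ORDER BY rowid").fetchall()


if __name__ == "__main__":
    db = fresh_db()
    print("unquoted:            ", insert_unquoted(db, SAMPLE_ROW))
    print("hand-quoted:         ", insert_hand_quoted(db, SAMPLE_ROW))
    print("hand-quoted, crafted:", insert_hand_quoted(db, INJECTED_ROW), stored_rows(db))
    db = fresh_db()
    print("bound:               ", insert_bound(db, SAMPLE_ROW), stored_rows(db))
    print("bound, crafted:      ", insert_bound(db, INJECTED_ROW), stored_rows(db))
```

The first two calls fail for the same reason the post's query failed: the data contains characters the SQL parser interprets. The third call succeeds, which is the dangerous case, since the crafted title silently adds a row the user never submitted. With bound parameters both rows are stored exactly as typed, including the would-be payload, and the statement's structure cannot change.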
