0

我用 PHP、HTML 和 SQL 编写脚本已经有一段时间了,我认为我的技能一般。我想通过 PDO 技能来加强我的 PHP,尤其是防止 SQL 注入。

我已经阅读并遵循了许多示例,但似乎总是被抛出

PHP Parse 错误:语法错误,意外的 T_ENCAPSED_AND_WHITESPACE" 错误

我对问题所在感到困惑。错误发生在应该执行的第 23 行。

我知道表单字段很好,因为这在没有 PDO 的情况下工作。自转换以来,我不断收到上述错误。[$var1-$var6为示例更改]。

 <?php if(isset($_POST['submit'])) {

 // connect to db include '/xxx/xxx/pdo-db-conn.php';

 // check db connection

 $subject = $_POST['subject'];
 $email = $_POST['email'];
 $name = $_POST['name'];
 $date = $_POST['date'];
 $var1 = $_POST['var1'];
 $var2 = $_POST['var2'];
 $var3 = $_POST['var3'];
 $var4 = $_POST['var4'];
 $var5 = $_POST['var5'];
 $var6 = $_POST['var6'];
 $sqli = "INSERT INTO mytable (subject,email,name,date,var1,var2,var3,var4,var5,var6) VALUES (:subject,:email,:name,:date,:var1,:var2,:var3,:var4,:var5,:var6)";
 $sql = $dbConn->prepare("$sqli");
 $sql->execute(array(':subject' => $subject, ':email' => $email, ':name' => $name, ':date' => $date, ':var1' => $var1, ':var2' => $var2, ':var3' => $var3, ':var4' => $var4, ':var5' => $var5, ':var6' => $var6)');
4

2 回答 2

4

你有一个'在数组的末尾。格式化您的代码将帮助您看到这种错误:)

 $sqli = "INSERT INTO mytable (subject,email,name,date,var1, var2, var3, var4, var5, var6) VALUES (:subject,:email,:name,:date,:var1,:var2,:var3,:var4,:var5,:var6)";

 $sql = $dbConn->prepare("$sqli");  
 $sql->execute(array(
    ':subject' => $subject, 
    ':email' => $email, 
    ':name' => $name, 
    ':date' => $date,
    ':var1' => $var1, 
    ':var2' => $var2, 
    ':var3' => $var3, 
    ':var4' => $var4, 
    ':var5' => $var5, 
    ':var6' => $var6
));
于 2013-01-10T10:37:57.793 回答
0

这是问题所在

INSERT INTO mytable >(subject,email,name,date,var1,
                    ^

删除这个>

'在最后删除

$var6)');
      ^
于 2013-01-10T10:34:40.330 回答