我在类文件中使用 PHP 和 PDO 以及准备好的语句。我不断收到错误:警告:mysql_real_escape_string():用户访问被拒绝。当方法被调用。我真的不知道如何解决这个问题。
这是类文件中的方法:
public function insertReview() {
$fk_employee = $_POST['fk_employee'];
// Current Date returned from JQuery and formatted to add to DB.
$cdate = $_POST['current_date'];
$current_date = explode("/", $cdate);
$cmonth = $current_date[0];
$cday = $current_date[1];
$cyear = $current_date[2];
$current_dateA = array($cyear, $cmonth, $cday);
$review_date = implode("-", $current_dateA);
// Review Begin Date returned from JQuery Datepicker and formatted to add to DB.
$bdate = $_POST['r_period_begin'];
$begin_date = explode("/", $bdate);
$bmonth = $begin_date[0];
$bday = $begin_date[1];
$byear = $begin_date[2];
$begin_dateA = array($byear, $bmonth, $bday);
$r_period_begin = implode("-", $begin_dateA);
// Review End Date returned from JQuery Datepicker and formatted to add to DB.
$edate = $_POST['r_period_end'];
$end_date = explode("/", $edate);
$emonth = $end_date[0];
$eday = $end_date[1];
$eyear = $end_date[2];
$end_dateA = array($eyear, $emonth, $eday);
$r_period_end = implode("-", $end_dateA);
// Criteria
$criterias = $_POST['criteria'];
$criteriaValue = $_POST['criteriaValue'];
$comments = $_POST['Comments'];
foreach ($criteriaValue as $key => $value ){
foreach( $criterias as $crit ){
if( $crit == $key ){
$string1 = $key;
foreach( $comments as $comment => $comm ){
if( $string1 == $comment ){
$string3 = $comm;
}
}
}
}
foreach ( $value as $result ){
$string2 = $result;
}
$criteria .= mysql_real_escape_string( $string1 . '|' . $string2 . '|' . $string3 . '|' );
}
$overall_rating = $_POST['overall_rating'];
$additional_comments = $_POST['additional_comments'];
$goals = $_POST['goals'];
$conn = parent::connect();
$sql = "INSERT INTO " . TBL_EMPLOYEE_REVIEW . " (
fk_employee,
review_date,
r_period_begin,
r_period_end,
criteria,
overall_rating,
additional_comments,
goals
) VALUES (
:fk_employee,
:review_date,
:r_period_begin,
:r_period_end,
:criteria,
:overall_rating,
:additional_comments,
:goals
)";
try {
$st = $conn->prepare( $sql );
$st->bindValue( ":fk_employee", $fk_employee, PDO::PARAM_STR );
$st->bindValue( ":review_date", $review_date, PDO::PARAM_STR );
$st->bindValue( ":r_period_begin", $r_period_begin, PDO::PARAM_STR );
$st->bindValue( ":r_period_end", $r_period_end, PDO::PARAM_STR );
$st->bindValue( ":criteria", quote($criteria), PDO::PARAM_STR );
$st->bindValue( ":overall_rating", $overall_rating, PDO::PARAM_STR );
$st->bindValue( ":additional_comments", $additional_comments, PDO::PARAM_STR );
$st->bindValue( ":goals", $goals, PDO::PARAM_STR );
$st->execute();
parent::disconnect( $conn );
} catch ( PDOException $e ) {
echo $e->getFile();
echo $e->getTraceAsString();
echo "The exception was created on line: " . $e->getLine();
die( "Query failed: " . $e->getMessage() );
}
}