0

所以我的问题是:

我无法从我的 php 插入我的自动递增列

(unless I set the insert values to: '','','','$postdate','posttime').

但是:当我在 phpmyadmin 中使用下面的 DEBUGGED 插入语句时,它运行时不用担心。因此,有些东西阻止了我从我的 php 代码中插入。

这是我的代码:

$qinsert    =   "INSERT INTO `post` (text,sender,text_stamp,post_date,post_time) VALUES ('$message','$sender_id','$date','$postdate','$posttime')";
$finsert    =   mysql_query($qinsert);
$postID     =   mysql_insert_id();

这是调试器的输出:

 Date: Fri, 29 Mar 2013 11:02:53 -0400
 Sender: User's Name 
Message:
 Message Text
 Attachment: 
 Post-Date: 2013-03-29
 Post-Time: 08:02:55

 Q-INSRT: INSERT INTO `post` (text,sender,text_stamp,post_date,post_time) VALUES ('Message Text','User's Name ','Fri, 29 Mar 2013 11:02:53 -0400','2013-03-29','08:02:55')
  F-INST: 
  Post-ID:
4

3 回答 3

1

您是否在将变量放入数组之前对其进行转义?我不确定您的示例查询是否替换了文本和用户名,或者是逐字复制粘贴的。我将假设后者,因此请仔细查看您的查询:

[...] VALUES ('Message Text','User's Name ','Fri, [...]

“用户名”中间有一个撇号,所以它破坏了查询。确保在将每个变量插入查询之前对每个变量运行 mysql_real_escape_string($variable)。

$message_text = mysql_real_escape_string($_POST['message_text']);
$user_name = mysql_real_escape_string($_POST['user_name']);
$query = "INSERT INTO table (text, username) values ('$message_text', '$user_name')";
mysql_query($query);
于 2013-03-29T15:22:08.780 回答
0

你需要转义你的字符串,User's Name里面有一个单引号。您也不应该使用mysql_函数,它们已被弃用。但是,如果您坚持,请使用mysql_real_escape_string(),例如:

$qinsert    =   "INSERT INTO `post` (text,sender,text_stamp,post_date,post_time) VALUES ('" . mysql_real_escape_string($message) . "','" . mysql_real_escape_string($sender_id). " ','$date','$postdate','$posttime')";

您可能应该转义所有字符串,而不仅仅是消息和发件人。

理想情况下,您应该改用 PDO,如下所示:

$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';

$dbh = new PDO($dsn, $user, $password);
$sth = $dbh->prepare(
  "INSERT INTO post (text,sender,text_stamp,post_date,post_time) VALUES " .
  "(:message, :sender_id, :date, :postdate, :posttime)"
);
$sth->execute(array(
  ':message' => $message,
  ':sender_id' => $sender_id,
  ':date' => $date,
  ':postdate' => $postdate,
  ':posttime' => $posttime
));
于 2013-03-29T15:21:51.100 回答
0

这成功了:

require '../connect.php';
$email = file_get_contents('php://stdin');
preg_match_all("/(.*):\s(.*)\n/i", $email, $matches);

$message    = $matches[1][18];
$message    = str_replace('<HTML><HEAD></HEAD><BODY style="background-color:#ffffff">', '',$message);
$message    = explode('<',$message);
$message    = $message[0];
$sender     = $matches[2][2];
$sender     = explode('<',$sender); 
$sender_id  = $sender[0];

mysql_query("INSERT INTO `post` (`text`,`sender`,`text_stamp`,`post_date`,`post_time`) VALUES ('" . mysql_real_escape_string($message) . "','" . mysql_real_escape_string($sender_id) . "','" . mysql_real_escape_string($textdate) . "','$postdate','$posttime')") or die(mysql_error() . "<--There was error processing the query");
于 2013-04-03T04:34:44.953 回答