-2

我的表单正在从 jquery 日期选择器中捕获日期,该表单在没有日期选择器的情况下可以正常工作,但是有了它,它只会给出这个错误:

Error: Unknown column '$time' in 'field list'

下面是我的 php & html 代码

<?php

    //form submitted
    if (isset($_POST['create'])) {
    //require db details
    require_once '../dblogin.php'; 
    //set flag
    $OK = false;
    // create database connection
    $conn = new mysqli ($host, $user, $password, $database) or die("Connection Failed");
    // initialize prepared statement
    $stmt = $conn->stmt_init();
    // create SQL to insert task
    $sql = 'INSERT INTO tasks (task_name, task_project_id, task_assignee_id, datepicker, task_created_by, task_schedule, task_duration, task_end_date, task_creation_date, task_notes, task_status)
          VALUES(?, ?, ?, ?, '.$_SESSION['id'].', ?, ?, $time, NOW(), ?, ?)';

        if ($stmt->prepare($sql)) {
        // bind parameters and execute statement
        $stmt->bind_param('siissss', $_POST['task_name'], $_POST['task_project_id'], $_POST['task_assignee_id'], $_POST['datepicker'], $_POST['task_duration'], $_POST['task_notes'], $_POST['task_status']);
        // execute and get number of affected rows
        $stmt->execute();
            if ($stmt->affected_rows > 0) {
            $OK = true;
            }
        }
        // redirect if successful or display error
        if ($OK) {
        header('Location: task_confirmation.php');
        exit;
        } else {
        $error = $stmt->error;
        }   
}
?>
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN”
“http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd”&gt;
<html xmlns=”http://www.w3.org/1999/xhtml”&gt;
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8” />
<title>Create new task</title>
<script src="http://code.jquery.com/jquery-1.9.1.js"></script>
<script src="http://code.jquery.com/ui/1.10.1/jquery-ui.js"></script>
<script>
    $(function() {
        $( "#datepicker" ).datepicker({dateFormat: 'yy-mm-dd' });
    });
</script>
<link rel="stylesheet" type="text/css" href="../allcss/style.css" />
</head>

<body>

<?php
require('../Login/includes/header.inc.php');
?>

<div id="content">
<?php if (isset($error)) {
  echo "<p>Error: $error</p>";
} ?>
<form id="form1" method="post" action="">
<div id="add">
  <p>
    <label for="task_name"class="title">Task name:</label>
    <input name="task_name" type="text" class="widebox" id="task_name">
  </p>
  <p>
    <span class="title">Project: </span><select name="task_project_id" size "5">
    <?php 
    require_once '../dblogin.php'; 
    $conn = new mysqli ($host, $user, $password, $database) or die("Connection Failed");
    $stmt2 = $conn->stmt_init();
    //pulls project names for the select element//
    $sql2 = 'select * from projects';
    $stmt2->prepare($sql2);
    $stmt2->execute();
    $result = $stmt2->get_result();
    while($resultRow = $result->fetch_array(MYSQLI_ASSOC))
    {
    var_dump($resultRow); 
        echo "<option value='".$resultRow[project_id]."'>".$resultRow[project_name]."</option>";

    }
     $result->close();
    $stmt2->close();
    ?>
    </select>
  </p>
  <p>
    <span class="title">Assignee: </span><select name="task_assignee_id" size "5">
    <?php 
    require_once '../dblogin.php'; 
    $conn = new mysqli ($host, $user, $password, $database) or die("Connection Failed");
    $stmt3 = $conn->stmt_init();
    //pulls intern names for the select element//
    $sql3 = "select * from users where user_role='INT'";
    $stmt3->prepare($sql3);
    $stmt3->execute();
    $result = $stmt3->get_result();
    while($resultRow = $result->fetch_array(MYSQLI_ASSOC))
    {
    var_dump($resultRow); 
        echo "<option value='".$resultRow[person_id]."'>".$resultRow[user_name]."</option>";

    }
     $result->close();
    $stmt3->close();
    ?>
    </select>
  </p>
  <p>
    <label for="dates"class="title">Schedule for:</label>
    <input name="datepicker" type="text" id="datepicker"/>
  </p>
  <p>
    <span class="title">Duration: </span><select name="task_duration" size "1">
    <option value="00:30:00">30 minutes</option>
    <option value="01:00:00">1 hour</option>
    <option value="01:30:00">1,5 hours</option>
    </select>
  </p>
  <p>
    <label for="task_notes"class="title">Additional notes:</label>
    <input name="task_notes" type="text" class="widebox" id="task_notes">
  </p>
  <p>
    <span class="title">task status: </span><select name="task_status" size "1">
    <option value="Complete">Complete</option>
    <option value="Incomplete">Incomplete</option>
    </select>
  </p>
  <p class="submit">
    <input type="submit" name="create" value="Create task" id="create">
  </p>
</div>
</form>
</div>

<?php
require('../Login/includes/footer.inc.php');
?>

</body>
</html>

谁能帮我解决这个问题

4

2 回答 2

1

出于某种原因,您没有对$time值使用准备好的语句(以及 $_SESSION['id'] )。

这要么很危险,要么是您遇到错误的真正原因。

$sql = 'INSERT INTO tasks (task_name, task_project_id, task_assignee_id,
        datepicker, task_created_by, task_schedule, task_duration, 
        task_end_date, task_creation_date, task_notes, task_status)
        VALUES(?, ?, ?, ?, ?, ?, ?, ?, NOW(), ?, ?)';

if ($stmt->prepare($sql)) {
// bind parameters and execute statement
    $stmt->bind_param('siisissss', $_POST['task_name'], $_POST['task_project_id'],
    $_POST['task_assignee_id'], $_POST['datepicker'], $_SESSION['id'],
    $_POST['task_duration'], $time, $_POST['task_notes'], $_POST['task_status']);

它应该是,或者类似的东西。您需要自己检查占位符、类型字符串和相应的值。

于 2013-04-22T09:32:29.223 回答
0

您正在为查询使用单引号。这种方式$time不会扩展到变量值。您应该像这样使用双引号 ( "):

"INSERT INTO tasks (task_name, task_project_id, task_assignee_id, datepicker, task_created_by, task_schedule, task_duration, task_end_date, task_creation_date, task_notes, task_status)
      VALUES(?, ?, ?, ?, ".$_SESSION['id'].", ?, ?, $time, NOW(), ?, ?)";

$_SESSION['id']另外,我认为您也应该为and使用参数$time,因为来自用户的所有内容都不能真正被信任。

于 2013-04-22T09:30:17.733 回答