0

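I have a basic form with a file upload section. When I submit the form, nothing is submitted to the database. When I debug with x-debug, I can see that the $_POST variables are all populated and correct.

Here is the form: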

<form id="classifiedsForm" enctype="multipart/form-data" action="{$self}" method="post" autocomplete="off">
        <fieldset>
            <label>Basic Details</label>
            <section>
                <label for="headline">Headline</label>
                <div><input type="text" id="headline"  name="headline" required title="A headline for your ad">
                </div>
            </section>
            <section><label for="img">Add an image<br><span>Image should be 300x300px and jpg or png. Don't worry. We do the curvy corners thing.</span></label>
                <div>
                    <input type="file" id="img" name="img">
                </div>
            </section>
            <section>
                <label for="description">Description</label>
                <div><input type="text" id="description"  name="description" required title="A description for your ad">
                </div>
            </section>
            <section>
                <label for="contact">Contact</label>
                <div><input type="text" id="contact"  name="contact" required title="A contact email address">
                </div>
            </section>
            <section>
                <label for="category">Category</label>
                <div>
                    <select name="category" id="country">
                        <optgroup label="Category">
                            {foreach item=c from=$categories}
                                <option name="category" value="{$c.name}">{$c.name}</option>
                            {/foreach}
                        </optgroup>
                    </select>
                </div>
            </section>
            <section>
                <label for="buySell">Sign up to newsletter?</label>
                <div>
                    <input type="radio" id="yes_radio" name="buySell" value="1"><label>Buy</label>
                    <input type="radio" id="no_radio" name="buySell" value="0"><label>Sell</label>
                </div>
            </section>
            <section>
                <div>
                    <button name="submit" class="submit" value="update" type="submit">Update</button>
                </div>
            </section>
        </fieldset>
    </form>

Here is the controller:

include '../common.php';

session_start();

$userID = $_SESSION['email']['id'];


if(empty($_SESSION['email']))
{
header("Location: ../login.php");
die("Redirecting to login.php");
}

$title = 'Your Profile';


//CATEGORIES QUERY

try
{
$sql = "SELECT * FROM `categories` ORDER BY `name` ASC";

$result = $pdo->query($sql);
}
catch (PDOException $e)
{
$error = 'Error fetching classifieds: ' . $e->getMessage();
include '../includes/error.html.php';
exit();
}

foreach ($result as $row)
{
$categories[] = array(
    'id' => $row['id'],
    'name' => $row['name']);
}

if ($_SERVER['REQUEST_METHOD'] == "POST"){
try
{
    $sql = "INSERT INTO `classifieds` SET
    `headline` = :headline,
    `description` = :description,
    `contact` = :contact,
    `buySell` = :buySell,
    `category` = :category,
    `user_id` = $userID";

    $s = $pdo->prepare($sql);
    $s->bindValue(':headline', $_POST['headline']);
    $s->bindValue(':description', $_POST['description']);
    $s->bindValue(':contact', $_POST['contact']);
    $s->bindValue(':buySell', $_POST['buySell']);
    $s->bindValue(':category',$_POST['category']);
    $s->bindValue(':userID', $userID);
    $s->execute();
}
catch (PDOException $e)
{
    $error = 'Error adding advert.';
    include '../includes/error.html.php';
    exit();
 }
}

$smarty->assign('title', $title);
$smarty->assign('categories', $categories);
$smarty->assign('userID', $userID);
$smarty->display('add-classifieds.tpl');

And the MySQL table:

CREATE TABLE `classifieds` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `create_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `headline` varchar(255) NOT NULL,
  `img` varchar(255) DEFAULT NULL,
  `description` varchar(255) NOT NULL,
  `contact` varchar(255) NOT NULL,
  `buySell` int(1) NOT NULL,
  `category` varchar(255) NOT NULL,
  `user_id` int(11) NOT NULL,
  PRIMARY KEY (`id`),
  KEY `user_id` (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=39 DEFAULT CHARSET=latin1;

Any help with this would be much appreciated. Thanks.

4

2 Answers

7
$sql = "INSERT INTO `classifieds` SET
`headline` = :headline,
`description` = :description,
`contact` = :contact,
`buySell` = :buySell,
`category` = :category,
`user_id` = $userID";

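The last line is incorrect; it should be :userID. You should be getting an error from this (Number of variables doesn't match number of parameters in prepared statement).

In development mode, you should echo the exception message: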

echo $e->getMessage();

That would have led you to this solution immediately.

answered 2013-05-06T08:26:59.500
0

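Sherlock is correct, but if I may add something that might make your life easier... you can pass an array directly to the execute call instead of binding each variable individually, and if you name your form elements the same as your database cols you can do this: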

//make list of allowed POST form fields/db columns with matching names
$allowable_vars = array(
     'headline'
    ,'description'
    ,'contact'
    ,'buySell'
    ,'category'
);

//array flip turns values into keys
//array intersect key removes any POST values not in the allowed list
//but keeps the values of POST for the keys that do match

$post_vals = array_intersect_key($_POST,array_flip($allowable_vars));

//add any values not coming from POST or that do not match for some reason
$post_vals['user_id'] = $userID;

//prepare as normally would
$s = $pdo->prepare($sql);

//bind and execute at same time
$s->execute($post_vals);

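The colon before the column placeholder is only needed in the query, not in the bind call naming... Having the allowed keys makes maintenance easier if you add new form fields or new columns, since you don't need to keep track of the individual binds anymore.

answered 2013-05-06T08:50:56.333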
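
The two answers combined, as an added example that is not code from either answer: every value is bound (including the user id that the question interpolated into the SQL string), the placeholder list is generated from the allowlist so it cannot drift out of step with the bound values, and exception detail goes to the server log rather than to the page. Assumptions: an in-memory SQLite database stands in for the MySQL table, standard `INSERT ... VALUES` replaces MySQL's `INSERT ... SET`, `insertClassified` is a hypothetical helper name, and the request data and user id 42 are constructed.

```php
<?php
// Added example. SQLite in memory stands in for the page's MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
$pdo->exec('CREATE TABLE classifieds (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    headline TEXT NOT NULL, description TEXT NOT NULL, contact TEXT NOT NULL,
    buySell INTEGER NOT NULL, category TEXT NOT NULL, user_id INTEGER NOT NULL)');

// Hypothetical helper: insert one advert using only allowlisted request fields.
function insertClassified(PDO $pdo, array $post, int $userId): int
{
    $allowed = ['headline', 'description', 'contact', 'buySell', 'category'];
    // Keep allowlisted keys only; drop array-valued fields such as headline[]=x.
    $vals = array_filter(array_intersect_key($post, array_flip($allowed)), 'is_scalar');
    $missing = array_diff($allowed, array_keys($vals));
    if ($missing) {
        throw new InvalidArgumentException('Missing fields: ' . implode(', ', $missing));
    }
    $vals['user_id'] = $userId; // from the session, never from the request

    // Column names and placeholders both come from the allowlist, so the
    // number of placeholders always equals the number of bound values.
    $cols = array_keys($vals);
    $sql = 'INSERT INTO classifieds (' . implode(', ', $cols) . ')'
         . ' VALUES (:' . implode(', :', $cols) . ')';
    $pdo->prepare($sql)->execute($vals);
    return (int) $pdo->lastInsertId();
}

// Constructed request: "submit" and a forged "user_id" must not reach the query.
$post = ['headline' => 'Road bike', 'description' => 'Barely used',
         'contact' => 'seller@example.test', 'buySell' => '0',
         'category' => 'Sport', 'submit' => 'update', 'user_id' => '999'];
try {
    $id = insertClassified($pdo, $post, 42); // 42: constructed session user id
    $stmt = $pdo->prepare('SELECT headline, user_id FROM classifieds WHERE id = ?');
    $stmt->execute([$id]);
    print_r($stmt->fetch(PDO::FETCH_ASSOC));
} catch (PDOException $e) {
    error_log('Error adding advert: ' . $e->getMessage()); // detail to the server log
    echo "Error adding advert.\n";                         // generic text to the user
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```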