我正在使用预准备语句通过使用MySQL函数AES_ENCRYPT的PHP脚本来处理数据。问题是,它不会插入,我收到一个错误:
致命错误:带有消息'SQLSTATE [42000]的未捕获异常'PDOException':语法错误或访问冲突:1064 SQL语法中有错误;检查与您的MySQL服务器版本对应的手册,以便在''Kelly','33 -04-33','female','true','false','false','false'附近使用正确的语法,位于G:\ PleskVhosts \ insurancemidam.com \ httpdocs \ test \ includes.php的第1行'乡村路线O':186堆栈跟踪:#0 G:\ PleskVhosts \ insurancemidam.com \ httpdocs \ test \ includes.php( 186):PDOStatement-> execute()#1 G:\ PleskVhosts \ insurancemidam.com \ httpdocs \ test \ confirmation.php(191):dataBaseAccess-> insertChildren('11','ca25bff56b00791 ...',' Kelly','33 -04-33','female','44444444','false','false','false','true','Rural Route One ...')#2 {main}抛出在第186行的G:\ PleskVhosts \ insurancemidam.com \ httpdocs \ test \ includes.php
我已经尝试了很多事情无济于事,我真的很感激任何指导或指导。
我的PHP
public function insertChildren($employeeID, $key, $childName, $childBirth, $childGender, $childSSN, $isStep, $isFoster, $isStudent, $isHandicap, $address) {
$conn = $this->connect('insurance');
$insertChildren = $conn->prepare("INSERT INTO dependent_children (emp_id, ssn, name, dob, gender, handicap, student, foster, step, address) VALUES (:emp_id, AES_ENCRYPT(:ssn, $key), :name, :dob, :gender, :handicap, :student, :foster, :step, :address)");
echo "<h2>$childGender</h2>";
$insertChildren->bindParam(":emp_id", $employeeID, PDO::PARAM_INT);
$insertChildren->bindParam(":name", $childName, PDO::PARAM_STR);
$insertChildren->bindParam(':dob', $childBirth, PDO::PARAM_STR);
$insertChildren->bindParam(':gender', $childGender, PDO::PARAM_STR);
$insertChildren->bindParam(':ssn', $childSSN, PDO::PARAM_LOB);
$insertChildren->bindParam(':handicap', $isHandicap, PDO::PARAM_STR);
$insertChildren->bindParam(':student', $isStudent, PDO::PARAM_STR);
$insertChildren->bindParam(':foster', $isFoster, PDO::PARAM_STR);
$insertChildren->bindParam(':step', $isStep, PDO::PARAM_STR);
$insertChildren->bindParam(':address', $address, PDO::PARAM_STR);
$insertChildren->execute();
echo var_dump($insertChildren);
}
再次,非常感谢你的帮助。
编辑:固定代码
$insertChildren = $conn->prepare('INSERT INTO dependent_children (emp_id, ssn, name, dob, gender, handicap, student, foster, step, address) VALUES (:emp_id, AES_ENCRYPT(:ssn, :key), :name, :dob, :gender, :handicap, :student, :foster, :step, :address)');
echo "<h2>$childGender</h2>";
$insertChildren->bindParam(":emp_id", $employeeID, PDO::PARAM_INT);
$insertChildren->bindParam(":name", $childName, PDO::PARAM_STR);
$insertChildren->bindParam(':dob', $childBirth, PDO::PARAM_STR);
$insertChildren->bindParam(':gender', $childGender, PDO::PARAM_STR);
$insertChildren->bindParam(':key', $key, PDO::PARAM_LOB);
$insertChildren->bindParam(':ssn', $childSSN, PDO::PARAM_LOB);
$insertChildren->bindParam(':handicap', $isHandicap, PDO::PARAM_STR);
$insertChildren->bindParam(':student', $isStudent, PDO::PARAM_STR);
$insertChildren->bindParam(':foster', $isFoster, PDO::PARAM_STR);
$insertChildren->bindParam(':step', $isStep, PDO::PARAM_STR);
$insertChildren->bindParam(':address', $address, PDO::PARAM_STR);
$insertChildren->execute();
echo var_dump($insertChildren);
}
答案 0 :(得分:1)
问题是$key没有绑定,它是一个字符串,会破坏查询。
选项是a)绑定它b)引用它(这个选项使得其他绑定毫无意义,因为值中的单个引号仍然会破坏它。)
将查询更新为:
$insertChildren = $conn->prepare("INSERT INTO dependent_children (emp_id, ssn, name, dob, gender, handicap, student, foster, step, address) VALUES (:emp_id, AES_ENCRYPT(:ssn, :key), :name, :dob, :gender, :handicap, :student, :foster, :step, :address)");
和绑定到:
$insertChildren->bindParam(':key', $key, PDO::PARAM_STR);