我正在尝试使用查询在我的数据库中插入一些日志数据,以后当有人更改密码时我将需要它,但是我无法添加插入查询,我总是在标题中遇到此错误,这是我的代码
$oldpw = $_POST['oldpw'];
$newpwd = $_POST['newpwd'];
$newpwd2 = $_POST['newpwd2'];
$username = LoggedUser()['Username'];
$qvars = [':User'=>$username,':oldpw'=>md5($oldpw)];
$qvars[':pass'] = md5($newpwd);
$insertuser = query("insert into SRO_VT_WEBSITE..TB_User (StrUserID,encrypted_password,old_password,new_password) values (:User,:oldpw,'$oldpw','$newpwd')", $qvars);
这是conn文件的代码以及其中的“查询”功能
function Open($host, $user, $pass, $acc, $shd, $log)
{
global $conn;
global $array;
global $_allowSecretCode;
global $_secretCodeColumn;
$conn = new PDO("sqlsrv:server=$host;database=$acc", $user, $pass,[PDO::ATTR_TIMEOUT=>5]);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$array[] = $host;
$array[] = $user;
$array[] = $pass;
$array[] = $acc;
$array[] = $shd;
$array[] = $log;
if ($_allowSecretCode && !ColExist($_secretCodeColumn, "TB_User", $array[3]))
$_allowSecretCode = false;
}
/* Execute a Query */
function query($query, array $args)
{
try {
global $conn;
$q = $conn->prepare($query);
$q->execute($args);
//_log("db.log", "QueryExecuted: " . $query . "\n"); logging
} catch (PDOException $e) {
HandleException($e, $query);
} catch (Exception $e) {
HandleException($e, $query);
}
return $q;
}
答案 0 :(得分:0)
您需要在此处绑定查询参数:
$q = $conn->prepare($query);
$q->execute($args);
https://www.php.net/manual/en/mysqli-stmt.bind-param.php https://www.php.net/manual/en/pdostatement.bindparam.php