Using placeholders with a generic ODBC driver

Posted 2024-08-11 23:57:27 · 1102 characters · 2 views · 0 comments

Currently, I'm peppering form submissions to account for single quotes & other garbage.

 $form_field_value= str_replace("'", "''", stripslashes($form_field_value));

It is to prep the value for insertion using:

 $insert_sql = "insert into table (field) values ('".$form_field_value."')";
 odbc_exec($conn, $insert_sql);

Essentially, I want to use placeholders for these insert/update statements.

I tried defining $par1 and $par2 as literals and then executing this

$insert_sql = "insert into table (field,txt) values (?,?)";
odbc_exec($conn, $insert_sql, $par1, $par2);

It failed and gave me this error:

Warning: odbc_exec() [function.odbc-exec]: SQL error: [Microsoft][ODBC SQL Server Driver]COUNT field incorrect or syntax error, SQL state 07001 in SQLExecDirect in test.php on line 10

Line 10 is the exec statement.


I can't find syntax for using placeholders with this odbc driver. Any suggestions?

The $conn connection variable is working fine.


EDIT:

Last attempt still failing - odbc_execute() is an undefined function. I have to use odbc_exec()

$par1="eggs";
$par2="milk";

$insert_crs = "insert into table (field,txt) values (?,?)";
$stmt = odbc_prepare($conn, $insert_sql); 

odbc_exec($stmt, array($par1, $par2));

Comments (1)

ˉ厌 2024-08-18 23:57:27

According to http://www.php.net/manual/en/function.odbc-prepare.php , you should be preparing then executing your SQL statement, and you should be providing a new array for the third argument to odbc_execute():

<?php
$a = 1;
$b = 2;
$c = 3;
$stmt    = odbc_prepare($conn, 'CALL myproc(?,?,?)');
$success = odbc_execute($stmt, array($a, $b, $c));
?>

That means your code should look like:

$insert_sql = "insert into table (field,txt) values (?,?)";
// the following line is new, compared to your code
$stmt = odbc_prepare($conn, $insert_sql); 
// note that the following line wraps $par1 and $par2 with array()
// struck out version was incorrect - copy/paste error :(
// odbc_exec($stmt, $insert_sql, array($par1, $par2));   <- struck out
odbc_execute($stmt, array($par1, $par2));
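
The prepare-then-execute pattern discussed above, as an added example that is not part of the original thread: it checks the marker count before the driver can raise SQLSTATE 07001 and reports prepare/execute failures instead of ignoring them. The helper names `count_markers` and `exec_params`, the DSN `mydsn`, the credentials, the table `mytable` and the `ODBC_DEMO` environment switch are all assumptions.

```php
<?php
// Added example; DSN, credentials, table and helper names are assumptions.

/** Count ? markers that sit outside single-quoted SQL string literals. */
function count_markers(string $sql): int {
    $n = 0;
    $inString = false;
    for ($i = 0, $len = strlen($sql); $i < $len; $i++) {
        if ($sql[$i] === "'") {
            $inString = !$inString;      // an escaped '' toggles twice
        } elseif ($sql[$i] === '?' && !$inString) {
            $n++;
        }
    }
    return $n;
}

/** Prepare, bind the values as data, execute, and surface driver errors. */
function exec_params($conn, string $sql, array $params): bool {
    if (count_markers($sql) !== count($params)) {
        // The mismatch the driver reports as SQLSTATE 07001.
        throw new InvalidArgumentException('marker/parameter count mismatch');
    }
    $stmt = odbc_prepare($conn, $sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . odbc_errormsg($conn));
    }
    if (!odbc_execute($stmt, $params)) {
        throw new RuntimeException('execute failed: ' . odbc_errormsg($conn));
    }
    return true;
}

// Offline checks on constructed statements.
assert(count_markers("insert into mytable (field,txt) values (?,?)") === 2);
assert(count_markers("select 1 from mytable where field = 'what?' and txt = ?") === 1);

// Live use; runs only when the odbc extension is loaded and ODBC_DEMO is set.
if (function_exists('odbc_connect') && getenv('ODBC_DEMO')) {
    $conn = odbc_connect('mydsn', 'user', 'password');   // placeholder DSN
    if ($conn === false) { throw new RuntimeException('connect failed'); }
    // The quote travels as data, so no str_replace("'", "''", ...) is needed.
    exec_params($conn, "insert into mytable (field,txt) values (?,?)",
                array("O'Brien", "milk"));
    odbc_close($conn);
}
```

The marker counter only understands single-quoted literals; SQL comments and bracketed identifiers containing `?` are outside what it handles.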