2013-05-06 43 views
0

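I have a basic form with a file upload section. When I submit the form, nothing is submitted to the database. When I debug with Xdebug, I can see that the $_POST variables are all populated and correct.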

This is the form:

<form id="classifiedsForm" enctype="multipart/form-data" action="{$self}" method="post" autocomplete="off"> 
     <fieldset> 
      <label>Basic Details</label> 
      <section> 
       <label for="headline">Headline</label> 
       <div><input type="text" id="headline" name="headline" required title="A headline for your ad"> 
       </div> 
      </section> 
      <section><label for="img">Add an image<br><span>Image should be 300x300px and jpg or png. Don't worry. We do the curvy corners thing.</span></label> 
       <div> 
        <input type="file" id="img" name="img"> 
       </div> 
      </section> 
      <section> 
       <label for="description">Description</label> 
       <div><input type="text" id="description" name="description" required title="A description for your ad"> 
       </div> 
      </section> 
      <section> 
       <label for="contact">Contact</label> 
       <div><input type="text" id="contact" name="contact" required title="A contact email address"> 
       </div> 
      </section> 
      <section> 
       <label for="category">Category</label> 
       <div> 
        <select name="category" id="country"> 
         <optgroup label="Category"> 
          {foreach item=c from=$categories} 
           <option name="category" value="{$c.name}">{$c.name}</option> 
          {/foreach} 
         </optgroup> 
        </select> 
       </div> 
      </section> 
      <section> 
       <label for="buySell">Sign up to newsletter?</label> 
       <div> 
        <input type="radio" id="yes_radio" name="buySell" value="1"><label>Buy</label> 
        <input type="radio" id="no_radio" name="buySell" value="0"><label>Sell</label> 
       </div> 
      </section> 
      <section> 
       <div> 
        <button name="submit" class="submit" value="update" type="submit">Update</button> 
       </div> 
      </section> 
     </fieldset> 
    </form> 

This is the controller:

include '../common.php'; 

session_start(); 

$userID = $_SESSION['email']['id']; 


if(empty($_SESSION['email'])) 
{ 
header("Location: ../login.php"); 
die("Redirecting to login.php"); 
} 

$title = 'Your Profile'; 


//CATEGORIES QUERY 

try 
{ 
$sql = "SELECT * FROM `categories` ORDER BY `name` ASC"; 

$result = $pdo->query($sql); 
} 
catch (PDOException $e) 
{ 
$error = 'Error fetching classifieds: ' . $e->getMessage(); 
include '../includes/error.html.php'; 
exit(); 
} 

foreach ($result as $row) 
{ 
$categories[] = array(
    'id' => $row['id'], 
    'name' => $row['name']); 
} 

if ($_SERVER['REQUEST_METHOD'] == "POST"){ 
try 
{ 
    $sql = "INSERT INTO `classifieds` SET 
    `headline` = :headline, 
    `description` = :description, 
    `contact` = :contact, 
    `buySell` = :buySell, 
    `category` = :category, 
    `user_id` = $userID"; 

    $s = $pdo->prepare($sql); 
    $s->bindValue(':headline', $_POST['headline']); 
    $s->bindValue(':description', $_POST['description']); 
    $s->bindValue(':contact', $_POST['contact']); 
    $s->bindValue(':buySell', $_POST['buySell']); 
    $s->bindValue(':category',$_POST['category']); 
    $s->bindValue(':userID', $userID); 
    $s->execute(); 
} 
catch (PDOException $e) 
{ 
    $error = 'Error adding advert.'; 
    include '../includes/error.html.php'; 
    exit(); 
} 
} 

$smarty->assign('title', $title); 
$smarty->assign('categories', $categories); 
$smarty->assign('userID', $userID); 
$smarty->display('add-classifieds.tpl'); 

And the MySQL table:

CREATE TABLE `classifieds` (
    `id` int(11) NOT NULL AUTO_INCREMENT, 
    `create_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, 
    `headline` varchar(255) NOT NULL, 
    `img` varchar(255) DEFAULT NULL, 
    `description` varchar(255) NOT NULL, 
    `contact` varchar(255) NOT NULL, 
    `buySell` int(1) NOT NULL, 
    `category` varchar(255) NOT NULL, 
    `user_id` int(11) NOT NULL, 
    PRIMARY KEY (`id`), 
    KEY `user_id` (`user_id`) 
) ENGINE=InnoDB AUTO_INCREMENT=39 DEFAULT CHARSET=latin1; 

Any help with this is massively appreciated. Thanks.

+1

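Please do some basic debugging. What are all the values, does your IF work, does the query get executed, have you echoed your query and checked what it produces, do you get an error if you run it, etc. Right now you are just dumping all the code and saying, "help, doesn't work, don't want to put in the effort" – Nanne 2013-05-06 08:27:34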

Answers

7
$sql = "INSERT INTO `classifieds` SET 
`headline` = :headline, 
`description` = :description, 
`contact` = :contact, 
`buySell` = :buySell, 
`category` = :category, 
`user_id` = $userID"; 

The last line is incorrect; it should be :userID. You should get an error from this (Number of variables doesn't match number of parameters in prepared statement).

While in development mode, you should echo the exception message:

echo $e->getMessage();

That would have led you to this solution immediately.

0

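Holmes is correct, but if I may add something that might make your life much easier... you can pass an array to the execute call instead of binding each variable individually, and if you name your form elements the same as your database columns you can do something like this: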

//make list of allowed POST form fields/db columns with matching names 
$allowable_vars = array(
    'headline' 
    ,'description' 
    ,'contact' 
    ,'buySell' 
    ,'category' 
); 

//array flip turns values into keys 
//array intersect key removes any POST values not in the allowed list 
//but keeps the values of POST for the keys that do match 

$post_vals = array_intersect_key($_POST,array_flip($allowable_vars)); 

//add any values not coming from POST or that do not match for some reason 
$post_vals['user_id'] = $userID; 

//prepare as normally would 
$s = $pdo->prepare($sql); 

//bind and execute at same time 
$s->execute($post_vals); 

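The colon before the column placeholder is only needed in the query, not in the names used in the bind call... Having the allowed keys makes maintenance easier: if you add a new form field, you don't need to keep track of individual binds when adding a new column.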
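The allow-list approach from the answer above, carried through as an added example (not code from the thread): column names and placeholders are built only from the fixed list, `user_id` is bound from the server-side value instead of being interpolated, and the exception text goes to the log rather than the page. It assumes `pdo_sqlite` so it runs offline, uses standard `INSERT ... VALUES` instead of the MySQL-only `INSERT ... SET`, and the function name `insertClassified` and the sample data are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Columns the form may set. SQL identifiers come only from this list,
// never from the keys of $_POST.
const ALLOWED = ['headline', 'description', 'contact', 'buySell', 'category'];

function insertClassified(PDO $pdo, array $post, int $userId): int
{
    // Keep only allow-listed keys; anything else the client sent is dropped.
    $vals = array_intersect_key($post, array_flip(ALLOWED));

    // Fail before touching the database if a required field is absent.
    $missing = array_diff(ALLOWED, array_keys($vals));
    if ($missing) {
        throw new InvalidArgumentException('Missing: ' . implode(', ', $missing));
    }

    // user_id comes from the session, not the request, and is bound like the rest.
    $vals['user_id'] = $userId;

    $cols = array_keys($vals);
    $sql = sprintf(
        'INSERT INTO classifieds (%s) VALUES (%s)',
        implode(', ', $cols),
        implode(', ', array_map(fn($c) => ":$c", $cols))
    );
    $stmt = $pdo->prepare($sql);
    $stmt->execute($vals); // array keys match the placeholder names, colon optional
    return (int) $pdo->lastInsertId();
}

// Constructed demo: in-memory SQLite with a trimmed copy of the question's table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE classifieds (id INTEGER PRIMARY KEY, headline TEXT NOT NULL,
    description TEXT NOT NULL, contact TEXT NOT NULL, buySell INTEGER NOT NULL,
    category TEXT NOT NULL, user_id INTEGER NOT NULL)');

// Constructed POST body; the client-supplied user_id and submit keys are ignored.
$post = ['headline' => 'Bike', 'description' => 'Red', 'contact' => 'a@example.com',
    'buySell' => '1', 'category' => 'Sport', 'user_id' => '999', 'submit' => 'update'];
try {
    $id = insertClassified($pdo, $post, 7);
    $owner = $pdo->query('SELECT user_id FROM classifieds')->fetchColumn();
    echo "inserted id=$id user_id=$owner\n";
} catch (PDOException $e) {
    error_log($e->getMessage());   // the real message goes to the server log
    echo "Error adding advert.\n"; // the visitor sees only a generic message
}
```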