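This is the code I am trying to use to process the query; neither the delete nor the insert has any effect. Why is the SQL query not executed?
The id is correct, and conn.php is correct.
I just copied the SQL query into phpMyAdmin to test it, and it works.
Also, I put an echo "test"; inside the try{} and it was echoed.
Thank you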
<?php
include("../connection/conn.php");
session_start();
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// list out the previous create list
//$id=$_GET['id'];
$id=3;
try{
$sql = 'INSERT INTO delete_list SELECT * FROM list WHERE ListID=?';
$stmt = $conn->prepare($sql);
$stmt->execute(array($id));
}
catch(PDOException $e)
{
die ($e->getMessage().'<a href="view.php"> Back</a>');
}
try{
$sql = 'INSERT INTO delete_user_list SELECT * FROM user_list WHERE ListID=?';
$stmt = $conn->prepare($sql);
$stmt->execute(array($id));
}
catch(PDOException $e)
{
die ($e->getMessage().'<a href="view.php"> Back</a>');
}
try{
$sql = 'INSERT INTO delete_require_attributes SELECT * FROM require_attributes WHERE ListID=?';
$stmt = $conn->prepare($sql);
$stmt->execute(array($id));
}
catch(PDOException $e)
{
die ($e->getMessage().'<a href="view.php"> Back</a>');
}
try{
$sql = 'INSERT INTO delete_subscriber SELECT * FROM subscriber WHERE ListID=?';
$stmt = $conn->prepare($sql);
$stmt->execute(array($id));
$count=$stmt->rowCount();
}
catch(PDOException $e)
{
die ($e->getMessage().'<a href="view.php"> Back</a>');
}
try{
$sql = 'INSERT INTO delete_list_sub SELECT * FROM list_sub WHERE ListID=?';
$stmt = $conn->prepare($sql);
$stmt->execute(array($id));
}
catch(PDOException $e)
{
die ($e->getMessage().'<a href="view.php"> Back</a>');
}
try{
$sql = 'DELETE FROM list WHERE ListID = ?';
$stmt = $conn->prepare($sql);
$stmt->execute(array($id));
}
catch(PDOException $e)
{
die ($e->getMessage().'<a href="view.php"> Back</a>');
}
echo "The list has been deleted.".$count." subscribers has been removed. <a href='view.php'> Back</a>";
?>
I added
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
and the error is
SQLSTATE[42S22]: Column not found: 1054 Unknown column 'ListID' in 'where clause' Back
It's great that you are using PDO, but if you don't use parameterized queries, you are still leaving a huge security hole. – lonesomeday 2012-03-20 18:13:44
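The archive-then-delete sequence from the question with the id always bound as a parameter, as an added example that is not part of the original post or the comment. It goes slightly beyond the post by wrapping the steps in one transaction and sending the exception text to the server log instead of the page. The helper name `archiveAndDeleteList`, the allow-list and the in-memory SQLite schema are assumptions constructed for illustration.

```php
<?php
// Added example: constructed schema in an in-memory SQLite database (assumption;
// the page's real tables live in MySQL and their columns are not shown).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE list (ListID INTEGER PRIMARY KEY, Name TEXT)');
$conn->exec('CREATE TABLE delete_list (ListID INTEGER, Name TEXT)');
$conn->exec('CREATE TABLE subscriber (SubID INTEGER PRIMARY KEY, ListID INTEGER)');
$conn->exec('CREATE TABLE delete_subscriber (SubID INTEGER, ListID INTEGER)');
$conn->exec("INSERT INTO list VALUES (3, 'news')");
$conn->exec('INSERT INTO subscriber VALUES (1, 3), (2, 3)');

// Hypothetical helper: archive rows into delete_<table>, then delete the list.
function archiveAndDeleteList(PDO $conn, $id, array $tables)
{
    // Table names cannot be bound as parameters, so they come only from this
    // fixed allow-list, never from request data.
    $allowed = array('list', 'subscriber');
    $copied = array();
    $conn->beginTransaction();
    try {
        foreach ($tables as $table) {
            if (!in_array($table, $allowed, true)) {
                throw new InvalidArgumentException('unexpected table name');
            }
            $stmt = $conn->prepare("INSERT INTO delete_$table SELECT * FROM $table WHERE ListID = ?");
            $stmt->execute(array($id));          // the id is always a bound value
            $copied[$table] = $stmt->rowCount();
        }
        $stmt = $conn->prepare('DELETE FROM list WHERE ListID = ?');
        $stmt->execute(array($id));
        $conn->commit();
        return $copied;
    } catch (Exception $e) {
        $conn->rollBack();                       // no half-archived state
        error_log($e->getMessage());             // detail goes to the server log
        return null;                             // caller shows a generic message
    }
}

$result = archiveAndDeleteList($conn, 3, array('subscriber', 'list'));
echo $result === null
    ? "The list could not be deleted.\n"
    : "The list has been deleted. {$result['subscriber']} subscribers archived.\n";
```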