0
我正在使用以下准备好的语句通过帖子 从表单提交数据,用户数据已被过滤和消毒。使用PHP过滤函数然而,插入到MySQL中插入来自文本区域表单输入的“地址”值失败。我试过了各种版本的数据,似乎任何带有换行符“\ n \ t \ r”的输入都会失败,以及它们的HTML编码等效。我不认为这些对于MySQL来说是可能的吗?我错过了明显吗?已过滤/已过滤的表单textarea导致MySQL插入失败
感谢 PS如下:
// DB_Connection
$SP1 = 'call account_register(:Title, :Name, :Surname, :Email, :Mobile, :Password, :Status, :LoginIP, :Token, :TokenExpiry, :Company, :BuildingNumber, :Address, :Street, :City, :County, :PostCode, :ReturnStatus)';
$Statement = $DBConnection->prepare($SP1);
#Bind parameters
$Statement->bindParam(':Title', $_UserData['Title'], PDO::PARAM_STR);
$Statement->bindParam(':Name', $_UserData['Name'], PDO::PARAM_STR);
$Statement->bindParam(':Surname', $_UserData['Surname'], PDO::PARAM_STR);
$Statement->bindParam(':Email', $_UserData['Email'], PDO::PARAM_STR);
$Statement->bindParam(':Mobile', $_UserData['Mobile'], PDO::PARAM_STR);
$Statement->bindParam(':Password', $_UserData['Password'], PDO::PARAM_LOB);
$Statement->bindParam(':Status', $_UserData['UserStatus'], PDO::PARAM_INT);
$Statement->bindParam(':LoginIP', $_UserData['LoginIP'], PDO::PARAM_STR);
$Statement->bindParam(':Token', $_UserData['ActivationToken'], PDO::PARAM_LOB);
$Statement->bindParam(':TokenExpiry', $_UserData['TokenExpiry'], PDO::PARAM_STR);
$Statement->bindParam(':Company', $_UserData['Company'], PDO::PARAM_STR);
$Statement->bindParam(':BuildingNumber', $_UserData['BuildingNumber'], PDO::PARAM_STR);
//$Statement->bindParam(':Address', $_UserData['Address'], PDO::PARAM_STR);
//$Address = 'line 1 line 2'; //This is the value of $_USERData after using FILTER_SANITIZE_SPECIAL_CHARS insert fails
//$Address = 'Line 1'; //after changing the value of the $_UserData to this the insert is successful
//$Address = 'line 1 line 2'; //After extracting from the $_UserData This fails
$Address = 'Line 1
line 2
line 3'; //This fails. I thought newlines were ok?
$Statement->bindParam(':Address', $Address, PDO::PARAM_STR);
$Statement->bindParam(':Street', $_UserData['Street'], PDO::PARAM_STR);
$Statement->bindParam(':City', $_UserData['City'], PDO::PARAM_STR);
$Statement->bindParam(':County', $_UserData['County'], PDO::PARAM_STR);
$Statement->bindParam(':PostCode', $_UserData['PostCode'], PDO::PARAM_STR);
$ReturnStatus = null; //Return variable for SP must be defined
$Statement->bindParam(':ReturnStatus', $ReturnStatus, PDO::PARAM_INT | PDO::PARAM_INPUT_OUTPUT, 1);
$Statement->execute();
这会产生什么特定的mysql错误? –
它不会生成一个错误,以便说它作为其调用存储过程。 但是SP应该填充的表失败并且没有数据。 但是,如果我手动加载“地址”列的数据,可以从我的帖子看到它的作品完美。它似乎在非字母数字字符和换行符上失败... –