1. 首頁
  2. 問答
  3. 如果沒有$ _POST值,則無法將SQLI獲取到INSERT null

如果沒有$ _POST值,則無法將SQLI獲取到INSERT null

2016-04-14 48 views
0

我嘗試了多種方法嘗試並使其工作。已經嘗試了以前關於此主題的所有答案,並且無法得到它。

如果$ _POST變量沒有值,我試圖插入NULL而不是數據庫中的字符串NULL。它只是插入字符串'NULL'或只是一個空白列。以下是我嘗試查詢的所有方法。

我的數據庫類有一個方法sql_prep

public function sql_prep($postVariable){ 
    $output; 
    if(trim($postVariable) == ''){ 
    $output = 'NULL'; 
    }else{ 
    $output = strval(mysqli_real_escape_string($this->connection, $postVariable)); 
    }; 
    return $output; 
}

下面是該查詢:

if(isset($_POST["createUserSubmit"])) : 
    $temp_connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME); 
    $firstName = $db->sql_prep($_POST["firstName"]); 
    $lastName = $db->sql_prep($_POST["lastName"]); 
    $companyName = $db->sql_prep($_POST["companyName"]); 
    $streetAddress = $db->sql_prep($_POST["streetAddress"]); 
    $streetAddress2 = $db->sql_prep($_POST["streetAddress2"]); 
    $streetAddress3 = $db->sql_prep($_POST["streetAddress3"]); 
    $city = $db->sql_prep($_POST["city"]); 
    $state = $db->sql_prep($_POST["state"]); 
    $zip = $db->sql_prep($_POST["zipCode"]); 
    $country = $db->sql_prep($_POST["country"]); 
    $phone = $db->sql_prep($_POST["phone"]); 
    $fax = $db->sql_prep($_POST["fax"]); 
    $email = $db->sql_prep($_POST["email"]); 
    mysqli_query($temp_connection, "INSERT INTO Address(firstName, lastName, companyName, address1, address2, address3, city, state, zip, country, phone, fax, email, dateCreated, dateModified) VALUES (" . $firstName . ", " . $lastName . ", " . $companyName . ", " . $streetAddress . ", " . $streetAddress2 . ", " . $streetAddress3 . ", " . $city . ", " . $state . ", " . $zip . ", " . $country . ", " . $phone . ", " . $fax . ", " . $email . ", NOW(), NOW())"); 
    mysqli_close($temp_connection); 
    redirect_to('./create-user.php'); 
endif;

該查詢甚至不會任何數據推到數據庫中,即使該字段填寫。另一種方法我試過查詢:

mysqli_query($temp_connection, "INSERT INTO Address(firstName, lastName, companyName, address1, address2, address3, city, state, zip, country, phone, fax, email, dateCreated, dateModified) VALUES ('{$firstName}', '{$lastName}', '{$companyName}', '{$streetAddress}', '{$streetAddress2}', '{$streetAddress3}', '{$city}', '{$state}', '{$zip}', '{$country}', '{$phone}', '{$fax}', '{$email}', NOW(), NOW())");

這將返回字符串「NULL」到數據庫中,如果$ _POST變量是空的。我也試過我sql_prep功能改成這樣:

public function sql_prep($postVariable){ 
    $output; 
    if(trim($postVariable) == ''){ 
    $output = NULL; //returned PhP Null instead of string 'NULL' 
    }else{ 
    $output = strval(mysqli_real_escape_string($this->connection, $postVariable)); 
    }; 
    return $output; 
}

更改它返回,而不是「NULL」 NULL比索導致查詢只是一個空白列推入分貝。

無法想出這一個,真的想推SQL NULL如果沒有值。

來源

2016-04-14 Taylor Foster

+0

數據庫字段是否設置爲默認NULL? – caramba

+0

我相信當你將NULL連接成一個字符串時,它將NULL轉換爲一個空字符串。這就是爲什麼你要爲應該設置爲NULL的字段獲得「空白值」。 –

+0

是將其設置爲默認NULL –

回答

2

嘗試使用prepared statements,它可以幫助您保持安全。

$var = NULL; 
$stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)"); 
$stmt->bind_param("s", $var); 
$stmt->execute();

應爲您插入一個NULL值。

來源

2016-04-14 15:27:54 mkluwe

+0

這是我要找的答案!謝謝! –

相關問題

 相關問題