php - 使用函数在mysql中插入2个查询

Question

目前我正在尝试在我的 php 脚本中编写一个函数，该函数将一个新页面添加到我的数据库中并同时更新导航表。由于某种原因，两个查询都失败了，我不确定我还应该做什么。 这是我的 add_content 函数调用:

elseif ($react == "add_content") {
    echo 'add content';
    $title = $_POST['title'];
    $content = $_POST['content'];
    $page = $_POST['page'];
    if (!empty($title) && !empty($content) && !empty($page)) {
        addcontent($title, $content, $page);
    } else {
    echo 'not enough info';
    }

这是我的职责:

function addcontent($title, $content, $page) {
global $db;
$query1 = "INSERT INTO `content`(`title`, `content`) VALUES (:title, :content)";
$query2 = "INSERT INTO `navigation` ('page', 'content_id') SELECT :page, c.content_id  FROM content c WHERE title=:page;";
try {
    $stat = $db->prepare($query1);
    $stmt = $db->prepare($query2);
    $stat->bindParam(':title', $title);
    $stat->bindParam(':content', $content);
    $stat->bindParam(':page', $page);
    $stat->execute($query1);
    $stmt->execute($query2);
    $result = "<strong>$title</strong> added<p>";
} catch (Exception $ex) {
    $result = "$title deltetion failed";
}

我知道这两个查询有效，因为我已经用虚拟信息测试了它们，只是让它们在导致问题的函数内部工作。

我不确定是否需要这样做，但为了以防万一，这是我要添加内容的表格:

<form method="POST" action="index.php">
            <input type="hidden" name="react" value="add_content">
            <input type="hidden" name="page|title" value="admin">
            <div align="center"><center><p>ADD A New Page<br>
             Title: <input type="text" name="title|page" size="20"><br>
             Content: <input type="text" name="content" size="20"><br>
             <input type="submit" value="Submit"></p></center></div>
        </form>

Answer 1

$query2 = "INSERT INTO `navigation` ('page', 'content_id') 
SELECT :page, c.content_id  FROM content c WHERE title=:page;";
       ^ column name marker

您不能对列名使用标记。来自docs

The markers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES() list of an INSERT statement (to specify column values for a row), or in a comparison with a column in a WHERE clause to specify a comparison value. However, they are not allowed for identifiers (such as table or column names), in the select list that names the columns to be returned by a SELECT statement), or to specify both operands of a binary operator such as the = equal sign. The latter restriction is necessary because it would be impossible to determine the parameter type. In general, parameters are legal only in Data Manipulation Language (DML) statements, and not in Data Definition Language (DDL) statements.

如果您尝试选择常量 $page，您可以选择 c.title，因为您的 where 条件保证它将等于 $page 。

$query2 = "INSERT INTO `navigation` ('page', 'content_id') 
SELECT c.title, c.content_id  FROM content c WHERE title=:page;";

此外，您将 $page 绑定(bind)到错误的语句

$stat->bindParam(':page', $page);

改成

$stmt->bindParam(':page', $page);
   ^