我尝试了多种方法来尝试让它发挥作用。已尝试了有关此主题的先前问题的所有回答方法,但无法解决。
如果 $_POST 变量没有值,我尝试将 NULL 而不是字符串 NULL 插入数据库。它只是不断插入字符串“NULL”或只是一个空白列。以下是我尝试过的所有查询方式。
我的数据库类有一个方法sql_prep:
public function sql_prep($postVariable){
$output;
if(trim($postVariable) == ''){
$output = 'NULL';
}else{
$output = strval(mysqli_real_escape_string($this->connection, $postVariable));
};
return $output;
}
这是查询:
if(isset($_POST["createUserSubmit"])) :
$temp_connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);
$firstName = $db->sql_prep($_POST["firstName"]);
$lastName = $db->sql_prep($_POST["lastName"]);
$companyName = $db->sql_prep($_POST["companyName"]);
$streetAddress = $db->sql_prep($_POST["streetAddress"]);
$streetAddress2 = $db->sql_prep($_POST["streetAddress2"]);
$streetAddress3 = $db->sql_prep($_POST["streetAddress3"]);
$city = $db->sql_prep($_POST["city"]);
$state = $db->sql_prep($_POST["state"]);
$zip = $db->sql_prep($_POST["zipCode"]);
$country = $db->sql_prep($_POST["country"]);
$phone = $db->sql_prep($_POST["phone"]);
$fax = $db->sql_prep($_POST["fax"]);
$email = $db->sql_prep($_POST["email"]);
mysqli_query($temp_connection, "INSERT INTO Address(firstName, lastName, companyName, address1, address2, address3, city, state, zip, country, phone, fax, email, dateCreated, dateModified) VALUES (" . $firstName . ", " . $lastName . ", " . $companyName . ", " . $streetAddress . ", " . $streetAddress2 . ", " . $streetAddress3 . ", " . $city . ", " . $state . ", " . $zip . ", " . $country . ", " . $phone . ", " . $fax . ", " . $email . ", NOW(), NOW())");
mysqli_close($temp_connection);
redirect_to('./create-user.php');
endif;
即使字段已填写,该查询也不会将任何数据推送到数据库。我尝试查询的另一种方式:
mysqli_query($temp_connection, "INSERT INTO Address(firstName, lastName, companyName, address1, address2, address3, city, state, zip, country, phone, fax, email, dateCreated, dateModified) VALUES ('{$firstName}', '{$lastName}', '{$companyName}', '{$streetAddress}', '{$streetAddress2}', '{$streetAddress3}', '{$city}', '{$state}', '{$zip}', '{$country}', '{$phone}', '{$fax}', '{$email}', NOW(), NOW())");
如果 $_POST 变量为空,则会将字符串“NULL”返回到数据库中。我还尝试将我的 sql_prep 函数更改为:
public function sql_prep($postVariable){
$output;
if(trim($postVariable) == ''){
$output = NULL; //returned PhP Null instead of string 'NULL'
}else{
$output = strval(mysqli_real_escape_string($this->connection, $postVariable));
};
return $output;
}
将其更改为返回 PhP NULL 而不是“NULL”会导致查询仅将空白列插入数据库。
无法弄清楚这个问题,如果没有值,真的想推送 SQL NULL。
最佳答案
尝试使用prepared statements ,这也可以帮助您保持安全。
$var = NULL;
$stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)");
$stmt->bind_param("s", $var);
$stmt->execute();
应该为您插入一个NULL值。
关于php - 如果没有 $_POST 值,则无法让 SQLI 插入 null,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36627171/