使用Php将数据插入mysql数据库。我收到一条错误，指出错误的整数值：''表示第1行的列'rate'

问题描述：

1.Php code is as follows and i do not have an auto increment field full error description

ERROR: Could not able to execute INSERT INTO employee( emp_name, rate, ifsc_code, acc_num, acc_holder_name) VALUES ( '', '', '', '', ''). Incorrect integer value: '' for column 'rate' at row 1

 <?php

include_once('connectdb.php');

$emp_name = mysqli_real_escape_string($link, $_REQUEST['emp_name']);
$rate = mysqli_real_escape_string($link, $_REQUEST['rate']);
$ifsc_code = mysqli_real_escape_string($link, $_REQUEST['ifsc_code']);
$acc_num = mysqli_real_escape_string($link, $_REQUEST['acc_num']);
$acc_holder_name = mysqli_real_escape_string($link, $_REQUEST['acc_holder_name']); 

$sql = "INSERT INTO employee(   emp_name, 
                                rate, 
                                ifsc_code, 
                                acc_num, 
                                acc_holder_name) 

        VALUES              (   '$emp_name', 
                                '$rate',
                                '$ifsc_code',
                                '$acc_num',
                                '$acc_holder_name')";

if(mysqli_query($link, $sql)){

    //echo "<script type='text/javascript'>alert('Commodity added to inventory')</script>";
    echo "<meta http-equiv='refresh' content='0;url=insert_emp_details.php'>";
} else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}

mysqli_close($link);

?>

1.Php代码如下，我没有自动增量字段 full错误说明 p>

错误：无法执行INSERT INTO员工（emp_name，rate， ifsc_code，acc_num，acc_holder_name）VALUES（''，''，''，''，' '）。错误的整数值：''对于第1行的列'rate' p> blockquote>

 ＆lt;？php 
 
include_once（'connectdb  .php'）; 
 
 $ emp_name = mysqli_real_escape_string（$ link，$ _REQUEST ['emp_name']）; 
 $ rate = mysqli_real_escape_string（$ link，$ _REQUEST ['rate']）; 
 $ ifsc_code =  mysqli_real_escape_string（$ link，$ _REQUEST ['ifsc_code']）; 
 $ acc_num = mysqli_real_escape_string（$ link，$ _REQUEST ['acc_num']）; 
 $ acc_holder_name = mysqli_real_escape_string（$ link，$ _REQUEST ['acc_holder_name']  ）;  
 
 $ sql =“INSERT INTO employee（emp_name，
 rate，
 ifsc_code，
 acc_num，
 acc_holder_name）
 
 VALUES（'$ emp_name'，
'$ rate'，
  '$ ifsc_code'，
'$ acc_num'，
'$ acc_holder_name'）“; 
 
if（mysqli_query（$ link，$ sql））{
 
 // echo”＆lt; script type ='  text / javascript'＆gt;提醒（'商品已添加到广告资源'）＆lt; / script＆gt;“; 
 echo”＆lt; meta http-equiv ='refresh'content ='0; url = insert_emp_details.php'＆gt;“  ; 
} else {
 echo“错误：无法执行$ sql。”。  mysqli_error（$ link）; 
} 
 
mysqli_close（$ link）; 
 
？＆gt; 
  code>  pre> 
  div>

答

As per my comments you should convert $rate into integer or remove ' single quotes like this

$sql = "INSERT INTO employee(   emp_name, 
                                rate, 
                                ifsc_code, 
                                acc_num, 
                                acc_holder_name) 

        VALUES              (   '$emp_name', 
                                $rate,
                                '$ifsc_code',
                                '$acc_num',
                                '$acc_holder_name')";

you can convert into integer like this $rate= (int)$rate;

Also use pdo with bind parameter function for prevent sql injection

答

As noted above in a comment the original code is potentially vulnerable to SQL injection so the use of a prepared statement would be advised to help mitigate risk.

The error message you posted though concerns me - it appears that all the values are empty... is that the case? You should check for the existence of these variables before attempting the sql operations.

<?php

    include_once('connectdb.php');

    try{

        $sql='insert into `employee` ( `emp_name`, `rate`, `ifsc_code`, `acc_num`, `acc_holder_name` ) values (?,?,?,?,?);';

        /* field names expected in REQUEST array and associated data type for filtering */
        $args=array(
            'emp_name'          =>  FILTER_SANITIZE_STRING,
            'rate'              =>  FILTER_SANITIZE_NUMBER_INT, /* assumed that rate is an integer */
            'ifsc_code'         =>  FILTER_SANITIZE_STRING,
            'acc_num'           =>  FILTER_SANITIZE_NUMBER_INT, /* assumed that acc_num is an integer ?? */
            'acc_holder_name'   =>  FILTER_SANITIZE_STRING
        );
        /* filter REQUEST array using above arguments */
        filter_input_array( INPUT_REQUEST, $args );

        /* extract variables */
        extract( $_REQUEST );


        /* If all the variables were extracted correctly after filtering - proceed */
        if( $emp_name && $rate && $ifsc_code && $acc_num && $acc_holder_name ){

            /* if the filter failed this will probably never be called but... */
            if( !is_integer( $rate ) ) throw new Exception('rate is not an integer');

            /* create a prepared statement */
            $stmt=$link->prepare( $sql );

            /* If the query failed for some reason - abandon ship */
            if( !$stmt )throw new Exception( sprintf( 'error preparing sql query: %s', $stmt->error ) );

            /* assumed that rate and acc_num is an integer ?? */
            $stmt->bind_param( 'sisis', $emp_name, $rate, $ifsc_code, $acc_num, $acc_holder_name );

            /* execute the query */
            $result = $stmt->execute();
            if( $result ){

                echo "Success";


            } else {
                throw new Exception( sprintf( "Bogus! %s", $stmt->error ) );
            }
        } else {
            throw new Exception( 'an error occurred extracting one or more variables - check "$args" array!' );
        }

    } catch( Exception $e ){
        exit( $e->getMessage() );
    }
?>

使用Php将数据插入mysql数据库。 我收到一条错误，指出错误的整数值：''表示第1行的列'rate'

相关推荐

使用Php将数据插入mysql数据库。我收到一条错误，指出错误的整数值：''表示第1行的列'rate'