Я использую PHP и PDO с подготовленными операторами в файле класса. Я продолжаю получать ошибку: Предупреждение: mysql_real_escape_string(): Доступ запрещен для пользователя. Когда метод вызывается. Я действительно не знаю, как обойти эту проблему.PHP PDO Предупреждение: mysql_real_escape_string(): Доступ запрещен для пользователя
Вот метод из файла класса:
public function insertReview() {
$fk_employee = $_POST['fk_employee'];
// Current Date returned from JQuery and formatted to add to DB.
$cdate = $_POST['current_date'];
$current_date = explode("/", $cdate);
$cmonth = $current_date[0];
$cday = $current_date[1];
$cyear = $current_date[2];
$current_dateA = array($cyear, $cmonth, $cday);
$review_date = implode("-", $current_dateA);
// Review Begin Date returned from JQuery Datepicker and formatted to add to DB.
$bdate = $_POST['r_period_begin'];
$begin_date = explode("/", $bdate);
$bmonth = $begin_date[0];
$bday = $begin_date[1];
$byear = $begin_date[2];
$begin_dateA = array($byear, $bmonth, $bday);
$r_period_begin = implode("-", $begin_dateA);
// Review End Date returned from JQuery Datepicker and formatted to add to DB.
$edate = $_POST['r_period_end'];
$end_date = explode("/", $edate);
$emonth = $end_date[0];
$eday = $end_date[1];
$eyear = $end_date[2];
$end_dateA = array($eyear, $emonth, $eday);
$r_period_end = implode("-", $end_dateA);
// Criteria
$criterias = $_POST['criteria'];
$criteriaValue = $_POST['criteriaValue'];
$comments = $_POST['Comments'];
foreach ($criteriaValue as $key => $value){
foreach($criterias as $crit){
if($crit == $key){
$string1 = $key;
foreach($comments as $comment => $comm){
if($string1 == $comment){
$string3 = $comm;
}
}
}
}
foreach ($value as $result){
$string2 = $result;
}
$criteria .= mysql_real_escape_string($string1 . '|' . $string2 . '|' . $string3 . '|');
}
$overall_rating = $_POST['overall_rating'];
$additional_comments = $_POST['additional_comments'];
$goals = $_POST['goals'];
$conn = parent::connect();
$sql = "INSERT INTO " . TBL_EMPLOYEE_REVIEW . " (
fk_employee,
review_date,
r_period_begin,
r_period_end,
criteria,
overall_rating,
additional_comments,
goals
) VALUES (
:fk_employee,
:review_date,
:r_period_begin,
:r_period_end,
:criteria,
:overall_rating,
:additional_comments,
:goals
)";
try {
$st = $conn->prepare($sql);
$st->bindValue(":fk_employee", $fk_employee, PDO::PARAM_STR);
$st->bindValue(":review_date", $review_date, PDO::PARAM_STR);
$st->bindValue(":r_period_begin", $r_period_begin, PDO::PARAM_STR);
$st->bindValue(":r_period_end", $r_period_end, PDO::PARAM_STR);
$st->bindValue(":criteria", quote($criteria), PDO::PARAM_STR);
$st->bindValue(":overall_rating", $overall_rating, PDO::PARAM_STR);
$st->bindValue(":additional_comments", $additional_comments, PDO::PARAM_STR);
$st->bindValue(":goals", $goals, PDO::PARAM_STR);
$st->execute();
parent::disconnect($conn);
} catch (PDOException $e) {
echo $e->getFile();
echo $e->getTraceAsString();
echo "The exception was created on line: " . $e->getLine();
die("Query failed: " . $e->getMessage());
}
}
Я не думаю, что вам нужны 'mysql_real_escape_string()' с методами PDO. – hjpotter92