临时Access数据库的位置(Location for temporary Access databases)
为了避免数据库膨胀,我经常创建临时数据库来存储工作数据表。 我想在用户的
%TEMP%
文件夹中创建这些文件。 但是,如果我这样做,Access会向用户显示以下对话框:已经确定了潜在的安全问题。
文件路径:C:\ Users \ JDoe \ AppData \ Local \ Temp \ TempDb \ temp_001.mdb
要打开此文件还是取消操作?
如果我尝试将此文件夹(或
%TEMP%
文件夹的任何子文件夹)添加到受信任位置,我收到以下错误消息:您使用的路径不是有效位置,或出于安全原因不能用作受信任位置; 请检查您输入的路径或选择其他位置或特定文件夹。
这有解决方法吗? 我理解禁止将
%TEMP%
文件夹作为受信任位置的原因。 我只是觉得自己陷入了困境22。To avoid database bloat, I often create temporary databases to store working data tables. I'd like to create these files in the user's
%TEMP%
folder. However, if I do that Access presents the following dialog to the user:A potential security concern has been identified.
File path: C:\Users\JDoe\AppData\Local\Temp\TempDb\temp_001.mdb
Do you want to open this file or cancel the operation?
If I try adding this folder (or any subfolder of the
%TEMP%
folder) to Trusted Locations, I get the following error message:The path you are using is not a valid location or cannot be used as a Trusted location for security reasons; please check the path you have typed or choose another location or a specific folder.
Is there a workaround for this? I understand the reasoning behind disallowing the
%TEMP%
folder as a trusted location. I just feel like I'm stuck in a catch-22.
原文:https://stackoverflow.com/questions/41109257
最满意答案
首先,该表名带有连字符; MySQL数字你想在这里做数学。
$sql = "INSERT INTO o18-reg
转换为
o18
减去reg
所以把它包裹在刻度线中
$sql = "INSERT INTO `o18-reg` ...
或将其重命名为下划线。
那么你将面临另一个问题,价值。 你有什么似乎是字符串,所以你需要引用这些。
即
VALUES ('$title', '$firstname', '$surname' ...
并对其余的字符串执行相同的操作。
然后你面临着一个SQL注入。
使用准备好的声明:
- https://en.wikipedia.org/wiki/Prepared_statement
- http://php.net/manual/en/pdo.prepared-statements.php
编辑:
我只注意到,你有21列,但使用20个变量,没有进行必要的调整来弥补。 您可能会收到有关列不匹配的其他错误,这会产生以下影响:
致命错误:带有消息的未捕获异常'PDOException'。 插入值列表与列表列表不匹配:1136列计数与第1行的值计数不匹配
如果
id
是AI,则需要在查询中稍做调整,方法是在“VALUES ('', '$title', '$firstname' ...
如果为它预留了一个变量(在您发布的代码中似乎不存在),则添加它。 但是,如果
id
列是AI,则使用上面的''
。
洞察力:
确保您的表单确实使用POST方法,并且所有输入都带有名称属性,并且没有拼写错误。
- 他们似乎正确填充,但这也是未来访问者的问题。
将错误报告添加到文件的顶部,这将有助于查找错误。
<?php error_reporting(E_ALL); ini_set('display_errors', 1); // rest of your code
旁注:显示错误只能在分阶段进行,而不能进行生产。
Firstly, that table name with the hyphen; MySQL figures you want to do math here.
$sql = "INSERT INTO o18-reg
Which translates to
o18
minusreg
so wrap it in ticks
$sql = "INSERT INTO `o18-reg` ...
or rename it to be an underscore.
Then you'll be faced with another problem, the VALUES. You have what seems to be strings, so you'll need to quote those.
I.e.
VALUES ('$title', '$firstname', '$surname' ...
and do the same for the rest of the strings.
Then you're faced with an SQL injection.
Use a prepared statement:
- https://en.wikipedia.org/wiki/Prepared_statement
- http://php.net/manual/en/pdo.prepared-statements.php
Edit:
I just noticed, you have 21 columns, but using 20 variables without making the necessary adjustement to compensate. You would have received an additional error about columns do not match, something to the effect of:
Fatal error: Uncaught exception 'PDOException' with message. Insert value list does not match column list: 1136 Column count doesn't match value count at row 1
If
id
is an AI, you will need to make a slight adjustment in your query, by adding''
in:VALUES ('', '$title', '$firstname' ...
If there is a variable set aside for it (which doesn't seem to be present in your posted code), then add it. However, if the
id
column is an AI, then use the''
above.
An insight:
Make sure that your form does use a POST method and that all inputs bear the name attributes, and with no typos.
- They seem to be populating correctly, but this is also for future visitors to the question.
Add error reporting to the top of your file(s) which will help find errors.
<?php error_reporting(E_ALL); ini_set('display_errors', 1); // rest of your code
Sidenote: Displaying errors should only be done in staging, and never production.
相关问答
更多-
PDO删除不起作用,不会抛出错误(添加base64时)(PDO delete is not working and not throwing errors (when adding base64))[2023-10-28]
你混淆了bindParam和bindValue调用。 在前者中,使用对变量的引用,而在后者中,使用值本身。 通过查看其使用语法可以更清楚: public bool PDOStatement::bindValue ( mixed $parameter , mixed $value [, int $data_type = PDO::PARAM_STR ] ) 和 public bool PDOStatement::bindParam ( mixed $parameter , mixed &$variable ... -
使用rowCount(); inside尝试通过sql语句检查受影响的行数 try { $dbh = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password); /* * * echo a message saying we have connected ** */ //echo 'Connected to database
'; $sql = "DELETE FROM ukgh WHE ... -
您不能为表名和列名指定参数。 更改您的$stmt ,如下所示: $stmt = $pdo->prepare("SELECT Username, Password, Email FROM $table WHERE Username = ?"); 你的execute如下: $stmt->execute(array($user)); 这里有一个很好的解释,为什么你不能为表名或列名指定参数: http : //www.php.net/manual/en/pdo.prepare.php#111977 You ca ...
-
正如Wrikken在评论中指出的那样,您可能已启用输出缓冲。 尝试停止输出缓冲,然后发送标头。 echo "hello"; var_dump('hello'); ob_end_flush(); header('Location: lerning2.php'); As Wrikken noted in the comment, you might have enabled output buffering. Try stopping output buffering and then send the he ...
-
$stmt->execute($array); 想要一个带有PDO绑定的关联数组,你给出了一个这样的数组数组 - >你必须为每个数组做这样的事情(就像你的常识已经说过的那样): foreach ($bundleParams as $row) $stmt->execute($row); } $stmt->execute($array); wants an associative array with the PDO bindings, you give a array of such arrays ...
-
首先,该表名带有连字符; MySQL数字你想在这里做数学。 $sql = "INSERT INTO o18-reg 转换为o18 减去 reg 所以把它包裹在刻度线中 $sql = "INSERT INTO `o18-reg` ... 或将其重命名为下划线。 那么你将面临另一个问题,价值。 你有什么似乎是字符串,所以你需要引用这些。 即 VALUES ('$title', '$firstname', '$surname' ... 并对其余的字符串执行相同的操作。 然后你面临着一个SQL注入。 使用准备 ...
-
SQL命令末尾有语法错误。 删除额外的') 。 它应该是: $sql = "INSERT INTO connections (column1, column2, column3, column4, column5, column6, column7) VALUES (?, ?, ?, ?, ?, ?, ?)"; 代替 $sql = "INSERT INTO connections (column1, column2, column3, column4, column5, column6, ...
-
使用包含所有数据库值的PDO和PHP变量批量插入(Bulk insert using PDO and PHP variable containing all database values)[2022-06-27]
如果您有13k条记录要插入,则不要使用准备好的SQL语句,这对性能有好处。 只需以如下格式生成SQL查询: INSERT INTO IPXTools.MSSWireList (ID, Record, VlookupNode, HostWireLocation) VALUES ('id1', 'r1', 'node1', 'location1'), ('id2', 'r2', 'node2', 'location2'), ... ('id13000', 'r13000', 'node13000', 'l ... -
如果您将user_id为唯一,则可以使用此单个查询而不是此: INSERT INTO user_status ( user_id, last_activity_time ) ( SELECT user_id, NOW() FROM users WHERE username='" . $_COOKIE['username'] . "'" ) ON DUPLICATE KEY UPDATE last_activity_time = NOW(); Instead of this you ...
-
Keys是MySQL中的保留字。 更改列名(更好的解决方案)或更新反引号中的查询包装keys 。 INSERT INTO asce (idn, `keys`... Keys is a reserved word in MySQL. Either change your column name (better solution) or update your query wrapping keys in backticks. INSERT INTO asce (idn, `keys`...