PHP PDO致命错误 - 未找到列但我不看[关闭]

For some reason I'm getting this error, but I'm not lookin for a column named aaron.

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42S22]: Column not found: 1054 Unknown column 'Aaron' in 'field list'' in /home/stretch045/public_html/scripts/auth.php:15 Stack trace: #0 /home/stretch045/public_html/scripts/auth.php(15): PDO->prepare('INSERT INTO use...') #1 /home/stretch045/public_html/index.php(35): Auth->checkToken('94257b73ea4ed51...') #2 {main} thrown in /home/stretch045/public_html/scripts/auth.php on line 15

CODE:

$conn = $this->db;
$stmt = $conn->prepare("UPDATE users SET rating='".$xml->rating."', atc='".$xml->ratingatc."', pilot='".$xml->ratingpilot."', division='".$xml->division."' WHERE vid='".$xml->vid."'"); 
$stmt->execute();
if($stmt->rowCount()==0){
     $stmt = $conn->prepare("INSERT INTO users (vid, fname, lname, rating, atc, pilot, division) VALUES (".$xml->vid.",".$xml->firstname.",".$xml->lastname.",".$xml->rating.",".$xml->ratingatc.",".$xml->ratingpilot.",".$xml->division.")"); 
     $stmt->exec($stmt);
     echo 'data inserted into db';
}

In your second query, you didn't put quotes around the strings. So it treats your variable containing 'aaron' as meaning a column.

This would be best solved by actually using parameterized queries.

$query = "INSERT INTO users (vid, fname, ...) VALUES (:vid, :fname, ...)";
$stmt = $conn->prepare($query);
$stmt->execute(['vid'=>$xml->vid, 'fname'=>$xml->fname, ...]);