使用准备好的语句出错

Getting error with prepared statement

关注了一个视频,应该可以正常工作的却给我一个错误。我从 !mysqli_stmt_prepare 收到 WHOOPS 错误。也许我错过了什么?视频让我们删除了代替“?”的值,但这对我来说从来没有用过,所以我只是把 $var 放回去。顺便说一句:个人陈述中只有特殊字符(撇号和引号)当他们提交表格时。我以为语句会转义那些没问题。谢谢

<?php

    header('Refresh:3; url=/Collaborate/');

$link = mysqli_connect("*****","*****","*****", "*****");

if (!$link) {
    echo "Error: Unable to connect to MySQL." . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;
 }

    $Fname = $_POST['Fname'];

    $Lname = $_POST['Lname'];

    $Website = $_POST['Website'];

    $Phone = $_POST['Phone'];

    $Email = $_POST['Email'];

    $Interests1 = $_POST['Int1'];

    $Interests2 = $_POST['Int2'];

    $Interests3 = $_POST['Int3'];

    $PersonalStatement = $_POST['PersonalStatement'];

    // BAD ESCAPE. BAD!
        // array_walk_recursive($link, $_POST, 'mysqli_real_escape_string' );

    $sql = "INSERT INTO User(Fname, Lname, Website, Phone, Email, Interest1, Interest2, Interest3, PersonalStatement) VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?);";

    $stmt = mysqli_stmt_init($link);
    if (!mysqli_stmt_prepare($stmt, "sssssssss", $sql)) {
        echo "WHOOPS!";
    } else {
        mysqli_stmt_bind_param($stmt, $Fname, $Lname, $Website, $Phone, $Email, $Interests1, $Interests2, $Interests3, $PersonalStatement);
        mysqli_stmt_execute($stmt);
        echo "<h2>We got you $Fname!</h2>";

    }
    ?>

将您的 sql 字符串值替换为 ? 。在 mysqli_stmt_bind_param() - 你需要第二个参数是 - "sssssssss"