警告:mysqli_stmt_bind_param():变量数与准备语句中的参数数不匹配
Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in
求助!拜托,我正在尝试将 Mysql 注入添加到我的代码中:
if($stmt = mysqli_prepare($dbconn,$sqlinsert="INSERT INTO `T`(`ID`,`FName`, `LName`, `Gender`, `Agreement`,`Photo`,`Photo_name`) VALUES ('$id','$fname','$lname','$Gender','$radios','$image','$image_name')"))
{
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "i", $id);
}
我收到此警告
Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\wamp\www\Ex\insert-data.php on line 30
Call Stack
# Time Memory Function Location
1 0.0005 142320 {main}( ) ..\insert-data.php:0
2 0.1655 294232 mysqli_stmt_bind_param ( ) ..\insert-data.php:30
第 30 行是:
mysqli_stmt_bind_param($stmt, "i", $id);
有什么办法可以解决这个问题吗?
我试过这种类型$mysqli->prepare,但没有用。
有什么想法吗?感谢您的帮助。
假设您愿意使用 PDO 而不是 mysqli。
您的数据库连接应如下所示:
DB.php
<?php
$host = 'localhost';
$dbname = 'Example';
$username = "root";
$password = "";
$conn = new PDO('mysql:host=localhost;dbname=Example', $username,
$password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
准备好的语句:
file.php
<?php
//Example prepared statement with INSERT
$reply = $conn->prepare("INSERT INTO reply (user_name,
receipient, comment, comment_id, user_image) VALUES
(:username,:receipient,:commentt,:commentid,:userimage)");
$reply->bindParam(":username", $user3_name, PDO::PARAM_STR);
$reply->bindParam(":receipient", $user2_name, PDO::PARAM_STR);
$reply->bindParam(":commentt", $comment2, PDO::PARAM_STR);
$reply->bindParam(":commentid", $c_id, PDO::PARAM_INT);
$reply->bindParam(":userimage", $u_image, PDO::PARAM_STR);
$reply->execute();
?>
对于 MYSQLI
db.php
<?php
$db = new mysqli("localhost","root","","dbname");
?>
file.php
<?php
$stmt = $db->prepare("INSERT INTO reply (user_name,
receipient, comment, user_image) VALUES
(?,?,?,?)");
$stmt->bind_param('ssss', $username, $receipient,$commentt,$userimage);
$stmt->execute();
?>
<?php
$fname = $_POST['first'];//should be the name attribute used in your form
$lname = $_POST['last'];
$gender = $_POST['gen'];
$agreement = $_POST['agree'];
$photo = $_POST['pic'];
$p_name = $_POST['pic_name'];
$stmt = $dbconn->prepare("INSERT INTO T(FName, LName, Gender,
Agreement,Photo,Photo_name) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param('ssssss',$fname,$lname,$gender,$agreement,$photo,$p_name);
$stmt->execute();
?>
求助!拜托,我正在尝试将 Mysql 注入添加到我的代码中:
if($stmt = mysqli_prepare($dbconn,$sqlinsert="INSERT INTO `T`(`ID`,`FName`, `LName`, `Gender`, `Agreement`,`Photo`,`Photo_name`) VALUES ('$id','$fname','$lname','$Gender','$radios','$image','$image_name')"))
{
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "i", $id);
}
我收到此警告
Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\wamp\www\Ex\insert-data.php on line 30 Call Stack # Time Memory Function Location 1 0.0005 142320 {main}( ) ..\insert-data.php:0 2 0.1655 294232 mysqli_stmt_bind_param ( ) ..\insert-data.php:30
第 30 行是:
mysqli_stmt_bind_param($stmt, "i", $id);
有什么办法可以解决这个问题吗?
我试过这种类型$mysqli->prepare,但没有用。
有什么想法吗?感谢您的帮助。
假设您愿意使用 PDO 而不是 mysqli。
您的数据库连接应如下所示:
DB.php
<?php
$host = 'localhost';
$dbname = 'Example';
$username = "root";
$password = "";
$conn = new PDO('mysql:host=localhost;dbname=Example', $username,
$password);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
?>
准备好的语句:
file.php
<?php
//Example prepared statement with INSERT
$reply = $conn->prepare("INSERT INTO reply (user_name,
receipient, comment, comment_id, user_image) VALUES
(:username,:receipient,:commentt,:commentid,:userimage)");
$reply->bindParam(":username", $user3_name, PDO::PARAM_STR);
$reply->bindParam(":receipient", $user2_name, PDO::PARAM_STR);
$reply->bindParam(":commentt", $comment2, PDO::PARAM_STR);
$reply->bindParam(":commentid", $c_id, PDO::PARAM_INT);
$reply->bindParam(":userimage", $u_image, PDO::PARAM_STR);
$reply->execute();
?>
对于 MYSQLI
db.php
<?php
$db = new mysqli("localhost","root","","dbname");
?>
file.php
<?php
$stmt = $db->prepare("INSERT INTO reply (user_name,
receipient, comment, user_image) VALUES
(?,?,?,?)");
$stmt->bind_param('ssss', $username, $receipient,$commentt,$userimage);
$stmt->execute();
?>
<?php
$fname = $_POST['first'];//should be the name attribute used in your form
$lname = $_POST['last'];
$gender = $_POST['gen'];
$agreement = $_POST['agree'];
$photo = $_POST['pic'];
$p_name = $_POST['pic_name'];
$stmt = $dbconn->prepare("INSERT INTO T(FName, LName, Gender,
Agreement,Photo,Photo_name) VALUES (?, ?, ?, ?, ?, ?)");
$stmt->bind_param('ssssss',$fname,$lname,$gender,$agreement,$photo,$p_name);
$stmt->execute();
?>