堆栈内存溢出
  简体   繁体   English

带插入的预备语句错误

[英]Prepared statement error with insert

 原文  2014-08-13 18:16:43       php/ mysql/ prepared-statement

问题描述

I tried to use, for the first time, prepared statement in order to avoid sql injection but it seems i have a problem when i try to insert or update my database i use these lines to do what i want: 我第一次尝试使用准备好的语句以避免sql注入,但是当我尝试插入或更新数据库时似乎出现了问题,我使用这些行来执行我想要的操作:

Insert: 插入: 

 $stmt = $con->prepare("INSERT INTO my_array (image1,image2,image3,image4, info, type, lat, lng, date_created, status, created_by, closed_by, date_finished) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") ;

$stmt->bind_param('bbbbssddsssss', $image1, $image2, $image3, $image4, $info, $type, $lat, $long, $date, $opened, $user, $closed_by, $closed_by, $date_finished);

$stmt->execute();

$result = $stmt->get_result();

Update: 更新: 

$stmt = $con->prepare("UPDATE users SET fullname =  IF(LENGTH(?) = 0, fullname, ?), email = IF(LENGTH(?) = 0, email, ?), phone_num = IF(LENGTH(?) = 0, phone_num, ?) , address = IF(LENGTH(?) = 0, address, ?)  WHERE username = '$user'") ;

$stmt->bind_param('ssssiiss',$fullname, $fullname, $email, $email, $phone_number , $phone_number, $address, $address);

$stmt->execute();

$result = $stmt->get_result();

in both i get a "false" result. 在两种情况下,我都得到“假”结果。

2 个解决方案

解决方案1
 0  2014-08-13 18:34:45

In the first you have $closed_by duplicate. 在第一个中,您有$closed_by重复项。

In the second you have $user in the prepared statement. 在第二个语句中,准备好的语句中有$user That must be a parameter. 那必须是一个参数。

解决方案2
 0  2014-08-13 19:01:19

use proper error handling in each of your statements: 在每个语句中使用正确的错误处理: 

if(!($stmt = $con->prepare("INSERT INTO my_array (image1,image2,image3,image4, info, type, lat, lng, date_created, status, created_by, closed_by, date_finished) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"))
{
     echo "Prepare failed: (" . $con->errno . ") " . $con->error;
}

if(!$stmt->bind_param('bbbbssddsssss', $image1, $image2, $image3, $image4, $info, $type, $lat, $long, $date, $opened, $user, $closed_by, $closed_by, $date_finished))
{
      echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}

if(!$stmt->execute())
{
      echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}

if(!($result = $stmt->get_result())
{
      echo "Getting result set failed: (" . $stmt->errno . ") " . $stmt->error;
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 mysqli准备的插入语句中的错误 - Error in mysqli prepared insert statement PHP mysqli准备语句插入错误 - PHP mysqli prepared statement INSERT error 使用预准备语句插入日期时间 - Insert a datetime with prepared statement 使用准备好的语句插入表 - Insert into table with prepared statement 带有预准备语句的多次插入 - Multiple insert with prepared statement PHP插入准备语句 - PHP Insert Prepared Statement 动态准备好的插入语句 - dynamic prepared insert statement 插入的准备好的声明 - broken prepared statement for insert 无法使用PHP中的准备好的语句将数据插入数据库,未报告错误 - Failing to insert data into database using prepared statement in PHP, no error reported MySQLi准备的插入语句失败 - MySQLi prepared insert statement fails
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM