stackoom
  简体   繁体   中英

Prepared statement error with insert

 原文  2014-08-13 18:16:43       php/ mysql/ prepared-statement

Question

I tried to use, for the first time, prepared statement in order to avoid sql injection but it seems i have a problem when i try to insert or update my database i use these lines to do what i want:

Insert: 

 $stmt = $con->prepare("INSERT INTO my_array (image1,image2,image3,image4, info, type, lat, lng, date_created, status, created_by, closed_by, date_finished) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") ;

$stmt->bind_param('bbbbssddsssss', $image1, $image2, $image3, $image4, $info, $type, $lat, $long, $date, $opened, $user, $closed_by, $closed_by, $date_finished);

$stmt->execute();

$result = $stmt->get_result();

Update: 

$stmt = $con->prepare("UPDATE users SET fullname =  IF(LENGTH(?) = 0, fullname, ?), email = IF(LENGTH(?) = 0, email, ?), phone_num = IF(LENGTH(?) = 0, phone_num, ?) , address = IF(LENGTH(?) = 0, address, ?)  WHERE username = '$user'") ;

$stmt->bind_param('ssssiiss',$fullname, $fullname, $email, $email, $phone_number , $phone_number, $address, $address);

$stmt->execute();

$result = $stmt->get_result();

in both i get a "false" result.

2 answers

solution1
 0  2014-08-13 18:34:45

In the first you have $closed_by duplicate.

In the second you have $user in the prepared statement. That must be a parameter.

solution2
 0  2014-08-13 19:01:19

use proper error handling in each of your statements: 

if(!($stmt = $con->prepare("INSERT INTO my_array (image1,image2,image3,image4, info, type, lat, lng, date_created, status, created_by, closed_by, date_finished) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"))
{
     echo "Prepare failed: (" . $con->errno . ") " . $con->error;
}

if(!$stmt->bind_param('bbbbssddsssss', $image1, $image2, $image3, $image4, $info, $type, $lat, $long, $date, $opened, $user, $closed_by, $closed_by, $date_finished))
{
      echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}

if(!$stmt->execute())
{
      echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}

if(!($result = $stmt->get_result())
{
      echo "Getting result set failed: (" . $stmt->errno . ") " . $stmt->error;
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Error in mysqli prepared insert statement PHP mysqli prepared statement INSERT error Insert a datetime with prepared statement Insert into table with prepared statement Multiple insert with prepared statement PHP Insert Prepared Statement dynamic prepared insert statement broken prepared statement for insert Failing to insert data into database using prepared statement in PHP, no error reported MySQLi prepared insert statement fails
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM