I am rewriting MySQL statements to prepared ones, because of the SQL injections, but I can't get this to work. It returns:
Error: 1 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '1' at line 1
$cihc = mysqli_prepare($conn,"UPDATE user SET picture=? WHERE id1=?");
mysqli_stmt_bind_param($cihc, "si", $image, $userid);
$sql = mysqli_stmt_execute($cihc);
mysqli_stmt_close($cihc);
if ($conn->query($sql) === TRUE) {
echo "Sent successfully";
}
else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
You are trying to execute a query on the result of the update
. Remove the query()
call and change the $sql
assignment, since it isn't actually SQL.
$cihc = mysqli_prepare($conn,"UPDATE user SET picture=? WHERE id1=?");
mysqli_stmt_bind_param($cihc, "si", $image, $userid);
$result = mysqli_stmt_execute($cihc);
mysqli_stmt_close($cihc);
if ($result) {
echo "Sent successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.