MySQL 插入到显然没有使用 HTML 表单、PHP 和 MySQL 执行

Question

我是一个初学者“程序员”，所以请原谅我的无知。 为了安全起见，我正在使用准备好的声明。 回显 else 子句而不是执行 INSERT INTO 语句。 我正在从 HTML 表单传递一个隐藏值：

<input type="hidden" value="EVS1" name="CustomerCode" />
<?php   

include ('../etc/mysql_connect.php');


if(isset($_POST['submit'])) {

$FirstName= trim( $_POST['FirstName'] );
$LastName= trim( $_POST['LastName'] );
$Address1= trim( $_POST['Address1'] );
$Address2= trim( $_POST['Address2'] );
$City= trim( $_POST['City'] );
$State= trim( $_POST['State'] );
$Zip= trim( $_POST['Zip'] );
$Email= trim( $_POST['Email'] );



$calculated_date = date('m-d-Y', time() + 86400 * 42);



$stmt = $conn->prepare("INSERT INTO xxx SET FirstName = ?,LastName = ?,Address1 = ?,Address2         = ?,City = ?,State = ?,Zip = ?,Email = ?,CustomerCode = CustomerCode,DrawingEntryDate = NOW() ");

$stmt->bind_param("sssssssss", $_POST['FirstName'] , $_POST['LastName'], $_POST['Address1'],           $_POST['Address2'], $_POST['City'], $_POST['State'], $_POST['Zip'], $_POST['Email'], $_POST['CustomerCode']);

$stmt->execute();

$affected_rows= mysqli_stmt_affected_rows ($stmt);

  if ($affected_rows ==1){
    echo '<body bgcolor="#F9F9F9"><h2>Thank You!</h2><font type="Arial,Helvetica, sans-serif"              size="3">We have successfully received your entry.  Good luck!<br><br>Names are drawn randomly each month, and notified via email.  If your name is chosen, please expect delivery within 4-6 weeks.  Your order is scheduled to be delivered by '.$calculated_date.'.</font></body>';

      mysqli_stmt_close($stmt);
      mysqli_close($dbconnect);

   }  else {
      echo '<body bgcolor="#F9F9F9"><h2>Oops!</h2><font type="Arial,Helvetica, sans-serif" size="3">There is a limit of 1 entry per day.  <b>'.$FirstName.'</b> has already entered on '.$DrawingEntryDate.' .</font></body>';
      echo mysqli_error();

      mysqli_stmt_close($stmt);
      mysqli_close($dbconnect);
   }
}
?>

Answer 1

您在查询中有八个参数占位符，并尝试将九个参数绑定到它。

这里：

$stmt = $conn->prepare("INSERT INTO xxx SET FirstName = ?,LastName = ?,Address1 = ?,Address2 = ?,City = ?,State = ?,Zip = ?,Email = ?,CustomerCode = CustomerCode,DrawingEntryDate = NOW() ");

$stmt->bind_param("sssssssss", $_POST['FirstName'] , $_POST['LastName'], $_POST['Address1'], $_POST['Address2'], $_POST['City'], $_POST['State'], $_POST['Zip'], $_POST['Email'], $_POST['CustomerCode']);

您忘记为CustomerCode放置参数占位符。

如果您总是要将DrawingEntryDate设置为 NOW()，则可以将其排除在查询之外并将该列设置为具有默认值。