[英]Prepared statement error with insert
我第一次嘗試使用准備好的語句以避免sql注入,但是當我嘗試插入或更新數據庫時似乎出現了問題,我使用這些行來執行我想要的操作:
插入:
$stmt = $con->prepare("INSERT INTO my_array (image1,image2,image3,image4, info, type, lat, lng, date_created, status, created_by, closed_by, date_finished) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") ;
$stmt->bind_param('bbbbssddsssss', $image1, $image2, $image3, $image4, $info, $type, $lat, $long, $date, $opened, $user, $closed_by, $closed_by, $date_finished);
$stmt->execute();
$result = $stmt->get_result();
更新:
$stmt = $con->prepare("UPDATE users SET fullname = IF(LENGTH(?) = 0, fullname, ?), email = IF(LENGTH(?) = 0, email, ?), phone_num = IF(LENGTH(?) = 0, phone_num, ?) , address = IF(LENGTH(?) = 0, address, ?) WHERE username = '$user'") ;
$stmt->bind_param('ssssiiss',$fullname, $fullname, $email, $email, $phone_number , $phone_number, $address, $address);
$stmt->execute();
$result = $stmt->get_result();
在兩種情況下,我都得到“假”結果。
在第一個中,您有$closed_by
重復項。
在第二個語句中,准備好的語句中有$user
。 那必須是一個參數。
在每個語句中使用正確的錯誤處理:
if(!($stmt = $con->prepare("INSERT INTO my_array (image1,image2,image3,image4, info, type, lat, lng, date_created, status, created_by, closed_by, date_finished) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"))
{
echo "Prepare failed: (" . $con->errno . ") " . $con->error;
}
if(!$stmt->bind_param('bbbbssddsssss', $image1, $image2, $image3, $image4, $info, $type, $lat, $long, $date, $opened, $user, $closed_by, $closed_by, $date_finished))
{
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if(!$stmt->execute())
{
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
if(!($result = $stmt->get_result())
{
echo "Getting result set failed: (" . $stmt->errno . ") " . $stmt->error;
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.