Php prepare语句出现sqli错误
这是我第一次使用Mysqli,我被困在这个问题上大约一个小时了。我得到了这个错误Php prepare语句出现sqli错误,php,mysqli,Php,Mysqli,这是我第一次使用Mysqli,我被困在这个问题上大约一个小时了。我得到了这个错误 mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\wamp\www\WebContent\success.php on line 30 我在prepare语句中计算了大约10倍的问号,有21个,然后我在bind_param中计算了s和变量,也有
mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters
in prepared statement in C:\wamp\www\WebContent\success.php on line 30
<?php
$mysqli = new mysqli("localhost", "root","","test");
if (mysqli_connect_errno())
{
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$i=0;
if ($stmt = $mysqli->prepare("UPDATE `table` SET `Lan_ID` = '?', `Switching` = '?',
`Own` = '?',`Division` = '?',`Switch_Number` = '?',
`Telecom_Circuit_number` = '?', `Transmitter_Frequency` = '?',
`Receiver_Frequency` = '?', `Band_width` = '?', `Channel` = '?',
`Equipment` = '?', `Power` = '?',
`Line_designation` = '?', `Voltage` = '?', `Phase` = '?',
`Modulate` = '?', `Terms` = '?', `Trap` = '?',
`Ltunner` = '?', `Link` = '?',
`Comment` = '?' ". $_GET['where'.$i] ))
{
$stmt->bind_param('sssssssssssssssssssss', $_GET[$i.'LanID'],$_GET[$i.'Switching'],
$_GET[$i.'Own'], $_GET[$i.'Division'], $_GET[$i.'Switch_Number'], $_GET[$i.'Telecom_Circuit_number'],
$_GET[$i.'Trasmitter_frq'], $_GET[$i.'Receiver_frq'], $_GET[$i.'Band_width'], $_GET[$i.'Channel'],
$_GET[$i.'Equipment'], $_GET[$i.'Power'], $_GET[$i.'Line_designation'],$_GET[$i.'Voltage'],
$_GET[$i.'Phase'],$_GET[$i.'Modulate'],$_GET[$i.'Terms'], $_GET[$i.'Trap'],$_GET[$i.'Ltunner'],
$_GET[$i.'Link'], $_GET[$i.'Comment'] );//this is line 30 btw
}
else
{
printf("Prepared Statement Error: %s\n", $mysqli->error);
}
$stmt->close();
?>
不要将参数占位符放在引号内
但那只是你问题的开始。通过在查询中插入
$\u GET['where'.$i]不能逐字从HTTP请求中获取WHERE子句或任何表达式,并将其复制到SQL字符串中。但不能对SQL表达式使用查询参数,只能使用参数代替单个标量值
$\u GET['where'.$i]$\u GET$\u POST$\u COOKIE