PHP mysqli_stmt_execute()错误
我尝试提交表格时出现以下错误:PHP mysqli_stmt_execute()错误,php,sql,Php,Sql,我尝试提交表格时出现以下错误: Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in /Applications/MAMP/htdocs/phpv1/v1/editprofilephp.php on line 66 Warning: mysqli_stmt_affected_rows() expects parameter 1 to be my
Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in /Applications/MAMP/htdocs/phpv1/v1/editprofilephp.php on line 66
Warning: mysqli_stmt_affected_rows() expects parameter 1 to be mysqli_stmt, boolean given in /Applications/MAMP/htdocs/phpv1/v1/editprofilephp.php on line 68
Error Occurred
Warning: mysqli_error() expects exactly 1 parameter, 0 given in /Applications/MAMP/htdocs/phpv1/v1/editprofilephp.php on line 83
Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, boolean given in /Applications/MAMP/htdocs/phpv1/v1/editprofilephp.php on line 85
我已经检查了所有其他有相同错误的帖子,我没有犯过这些帖子中提到的任何错误
我的PHP是:
<?php
session_start();
if(isset($_POST['submit'])){
$data_missing = array();
if(empty($_POST['aboutme'])){
// Adds name to array
$data_missing[] = 'aboutme';
} else {
// Trim white space from the name and store the name
$aboutme = trim($_POST['aboutme']);
}
if(empty($_POST['full_name'])){
// Adds name to array
$data_missing[] = 'full_name';
} else {
// Trim white space from the name and store the name
$full_name = trim($_POST['full_name']);
}
if(empty($_POST['friend'])){
// Adds name to array
$data_missing[] = 'friend';
} else {
// Trim white space from the name and store the name
$friend = trim($_POST['friend']);
}
if(empty($data_missing)){
$id = $_SESSION["user_id"];
require_once('mysqli_connect.php');
$query = "UPDATE userprofile SET full_name='{$full_name}' aboutme='{$aboutme}' friend='{$friend}' WHERE id='{$id}' LIMIT 1";
$stmt = mysqli_prepare($dbc, $query);
//i Interger
//d Doubles
//s Everything Else
mysqli_stmt_execute($stmt);
$affected_rows = mysqli_stmt_affected_rows($stmt);
if($affected_rows == 1){
echo 'Student Entered';
mysqli_stmt_close($stmt);
mysqli_close($dbc);
} else {
echo 'Error Occurred<br />';
echo mysqli_error();
mysqli_stmt_close($stmt);
mysqli_close($dbc);
}
} else {
echo 'You need to enter the following data<br />';
foreach($data_missing as $missing){
echo "$missing<br />";
}
}
}else {
echo mysqli_error();
}
?>
我以前在网站的前几节中出于不同的目的使用过这段代码,我没有遇到任何问题。我花了很长时间试图找到错误,但没有成功,所以我决定在这里询问。错误是由SQL中的错误引起的;由于错误,语句无法准备 您的查询:
$query = "UPDATE userprofile SET full_name='{$full_name}' aboutme='{$aboutme}' friend='{$friend}' WHERE id='{$id}' LIMIT 1";
列之间缺少逗号:
$query = "UPDATE userprofile SET full_name='{$full_name}', aboutme='{$aboutme}', friend='{$friend}' WHERE id='{$id}' LIMIT 1";
而且,值得一提的是,您没有正确地使用预先准备好的语句——您仍然将值直接设置到查询中,这很容易导致SQL注入
尝试更新到:
$query = "UPDATE userprofile SET full_name=?, aboutme=?, friend=? WHERE id=? LIMIT 1";
$stmt = mysqli_prepare($dbc, $query);
if ($stmt) {
mysqli_stmt_bind_param($stmt, "sssi", $full_name, $aboutme, $friend, $id);
mysqli_stmt_execute($stmt);
// the rest of your code
}
我尝试了这个答案,但没有在我的案例中工作,我的php代码中的问题是
$purchased_date = date('Y-m-d', strtotime($_POST['pdate']));
当我检查数据库时,我发现它只存储年份,并在看到后停止-
所以我们应该得到这样的日期
$purchased_date = date('Ymd', strtotime($_POST['pdate']));
对不起,如果我有语法错误为什么你准备的语句中没有
?
s?将用户输入的值连接到SQL查询中是一个糟糕的主意,因为您没有转义或清理。但是如果没有?
变量,它仍然可以正常工作,不是吗?