Php 使用stmt绑定参数插入问题
我的SQL还有一个问题。下面您可以看到我正在使用的代码:Php 使用stmt绑定参数插入问题,php,mysql,sql,Php,Mysql,Sql,我的SQL还有一个问题。下面您可以看到我正在使用的代码: <?php $con=mysqli_connect("localhost","user","pass","my_db"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } // escape variables for security $name
<?php
$con=mysqli_connect("localhost","user","pass","my_db");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$name = mysqli_real_escape_string($con, $_POST['name']);
$contactpersonname = mysqli_real_escape_string($con, $_POST['contactpersonname']);
$departmentname = mysqli_real_escape_string($con, $_POST['departmentname']);
$title = mysqli_real_escape_string($con, $_POST['title']);
$email= mysqli_real_escape_string($con, $_POST['email']);
$stmt = $con -> prepare("INSERT INTO Contacts (Name, ContactPerson, Department, Title, EmailAddress) VALUES ('?', '?', '?', '?', '?')");
$stmt -> bind_param("sssss", $name, $contactpersonname, $departmentname, $title, $email);
$stmt -> execute();
echo "1 record added";
mysqli_close($con);
?>
单引号(”
)表示SQL中的varchar文本。通过在?
周围加引号,可以防止它们被绑定。只需删除引号,您就可以开始了:
$stmt = $con -> prepare("INSERT INTO Contacts (Name, ContactPerson, Department, Title, EmailAddress) VALUES (?, ?, ?, ?, ?)");
删除占位符“”?”
->?
周围的引号。去掉空格:$con->prepare
到$con->prepare
,然后使用bind命令作为:绑定参数($stmt,'ssss',vars…
),并在您的查询中从?
中删除引号。谢谢大家!!!终于成功了!!!:D