PHP: problem inserting with stmt bound parameters


I have another problem with my SQL. Below you can see the code I am using:

<?php
$con=mysqli_connect("localhost","user","pass","my_db");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// escape variables for security
$name = mysqli_real_escape_string($con, $_POST['name']);
$contactpersonname = mysqli_real_escape_string($con, $_POST['contactpersonname']);
$departmentname = mysqli_real_escape_string($con, $_POST['departmentname']);
$title = mysqli_real_escape_string($con, $_POST['title']);
$email= mysqli_real_escape_string($con, $_POST['email']);

$stmt = $con -> prepare("INSERT INTO Contacts (Name, ContactPerson, Department, Title, EmailAddress) VALUES ('?', '?', '?', '?', '?')");
$stmt -> bind_param("sssss", $name, $contactpersonname, $departmentname, $title, $email);
$stmt -> execute();


echo "1 record added";

mysqli_close($con);
?>
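
Single quotes (') denote varchar literals in SQL. By putting quotes around the ?, you prevent them from being bound. Just remove the quotes and you are good to go: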

$stmt = $con -> prepare("INSERT INTO Contacts (Name, ContactPerson, Department, Title, EmailAddress) VALUES (?, ?, ?, ?, ?)");

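Remove the quotes around the placeholders: "?" -> ?

Remove the spaces: $con->prepare, then use the bind command as: bind_param($stmt, 'ssss', vars…), and remove the quotes from the ? in your query.

Thanks everyone!!! It finally worked!!! :D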
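
The fix from the answers as an added example (not code from the original post): it prints `param_count` for the quoted and the unquoted statement to show why the binding failed, then binds the raw input without `mysqli_real_escape_string()`. The connection values and the Contacts table are those shown in the question; the `$input` array is constructed sample data standing in for `$_POST`.

```php
<?php
// Added example, not code from the original post. Connection values and the
// Contacts table are the ones shown in the question; $input is constructed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on failure

// Constructed sample input standing in for $_POST.
$input = [
    'name'              => "O'Brien & Sons",
    'contactpersonname' => "Pat O'Brien",
    'departmentname'    => 'Sales',
    'title'             => 'Manager',
    'email'             => 'pat@example.com',
];

$con = new mysqli('localhost', 'user', 'pass', 'my_db');
$con->set_charset('utf8mb4');

// Quoted markers are plain string literals, so the statement has no
// parameter markers and there is nothing for bind_param() to bind to.
$quoted = $con->prepare(
    "INSERT INTO Contacts (Name, ContactPerson, Department, Title, EmailAddress)
     VALUES ('?', '?', '?', '?', '?')"
);
echo "quoted markers:   param_count = {$quoted->param_count}\n";
$quoted->close();

// Unquoted markers are real placeholders, one per bound variable.
$stmt = $con->prepare(
    "INSERT INTO Contacts (Name, ContactPerson, Department, Title, EmailAddress)
     VALUES (?, ?, ?, ?, ?)"
);
echo "unquoted markers: param_count = {$stmt->param_count}\n";

// Bind the raw values. Do not call mysqli_real_escape_string() first: bound
// values are never parsed as SQL, so escaping would store literal backslashes.
$stmt->bind_param(
    'sssss',
    $input['name'],
    $input['contactpersonname'],
    $input['departmentname'],
    $input['title'],
    $input['email']
);
$stmt->execute();
echo $stmt->affected_rows . " record added\n";

$stmt->close();
$con->close();
```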