Php mysqli_stmt_execute()希望参数1为mysqli_stmt,
嗨,我需要一些帮助。我目前正在尝试创建一个搜索页面,用户可以在其中通过书名、类别、年份和出版商来搜索特定的书籍 我已经创建了基本的HTML搜索表单,下面是代码:Php mysqli_stmt_execute()希望参数1为mysqli_stmt,,php,html,mysql,parameters,boolean,Php,Html,Mysql,Parameters,Boolean,嗨,我需要一些帮助。我目前正在尝试创建一个搜索页面,用户可以在其中通过书名、类别、年份和出版商来搜索特定的书籍 我已经创建了基本的HTML搜索表单,下面是代码: <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Page Title</tit
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Page Title</title>
</head>
<body>
<form id ="SearchPage" action="SearchPage.php" method="get">
<h1> Search Page</h1>
Book Title <input type="text" name="bookTitle" />
Category <select name="catDesc">
<option value = "Business & Commerce">Business & Commerce</option>
<option value = "Databases">Databases</option>
<option value = "Databases and Web Development">Databases and Web Development</option>
<option value = "Fiction">Fiction</option>
<option value = "Flex & Flash Programming">Flex & Flash Programming</option>
<option value = "Netorks">Netorks</option>
<option value = "Programming">Programming</option>
<option value = "Systems Design">Systems Design</option>
<option value = "Web Development">Web Development</option>
</select>
Publisher <input type="text" name="pubName"/>
Year <input type="text" name="bookYear"/>
<input type ="submit" value-"Find Books"/>
</form>
</body>
</html>
页面标题
搜索页面
书名
类别
商务
数据库
数据库和Web开发
小说
Flex与Flash编程
Networks
程序设计
系统设计
网络开发
出版商
年
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Search Page</title>
</head>
<body>
<table>
<tr>
<th>Book Title</th>
<th>Year</th>
<th>Category</th>
<th>Publisher</th>
</tr>
<?php
include 'database_mysqli_conn.php';
$bookTitle = $_REQUEST['bookTitle'];
$bookYear =$_REQUEST['bookYear'];
$catDesc =$_REQUEST['catDesc'];
$pubName =$_REQUEST['pubName'];
$sql = "SELECT bookTitle, bookYear, catDesc, pubName, FROM nbc_book b inner join nbc_category c on b.catID = c.catID inner join nbc_publisher p on b.pubID = p.pubID WHERE 1";
$stmt = mysqli_prepare($conn, $sql);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $bookTitle, $bookYear, $bookPrice, $catDesc);
if (!empty($bookTitle)) {
$sql= $sql." AND bookTitle = '$bookTitle'";
}
if (!empty($bookYear)) {
$sql= $sql." AND bookYear = '$bookYear'";
}
if (!empty($catDesc)) {
$sql= $sql." AND catDesc = '$catDesc'";
}
if (!empty($pubName)) {
$sql= $sql." AND pubName = '$pubName'";
}
while (mysqli_stmt_fetch($stmt)){
echo "<tr>
<td>$bookTitle</td>
<td>$bookYear</td>
<td>$catDesc</td>
<td>$pubName</td>
</tr>";
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
?>
</body>
</html>
搜索页面
书名
年
类别
出版商
您的查询准备失败,您未能检查失败,等等
$sql = "SELECT bookTitle, bookYear, catDesc, pubName, FROM nbc_book b inner join ..."
^--- stray comma
永远不要假设db查询会成功。特别是在发展中。始终假设失败,检查失败,并将成功视为惊喜:
$stmt = mysqli_prepare($conn, $sql) or die(mysqli_error($conn));
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
改变
到
注意pubName后面的逗号
编辑:您应该将mysqli_stmt_execute($stmt)包装在if中,以确保捕捉到这样的错误
if(mysqli_stmt_execute($stmt)){
//YOUR CODE
}
else{
echo mysqli_stmt_error;
}
查询中的FROM前面有一个逗号。警告:使用mysqli
时,应使用参数化查询,并将用户数据添加到查询中。不要使用字符串插值来完成此操作,因为这样会创建严重的错误。值得注意的是,PDO和命名占位符使这种条件合成变得容易得多。它总是最小的东西:(谢谢你。我现在遇到了另一个问题,当我尝试提交我的搜索结果时,它会从我的sql表中调出所有数据,而不仅仅是我搜索的数据,你知道为什么吗?
$sql = "SELECT bookTitle, bookYear, catDesc, pubName FROM nbc_book b inner join nbc_category c on b.catID = c.catID inner join nbc_publisher p on b.pubID = p.pubID WHERE 1";
if(mysqli_stmt_execute($stmt)){
//YOUR CODE
}
else{
echo mysqli_stmt_error;
}