使用mysqli准备绑定和执行将信息插入数据库的问题

时间:2013-10-24 15:27:47

标签: php mysqli prepared-statement sql-injection sqlbindparameter

嗨,我有很多问题试图解决这个基本问题我肯定在面向对象的风格中使用mysqli。我遵循了许多指南并检查了php手册。但我似乎能够使用mysqli执行的唯一数据库操作是从表中检索数据。我正在尝试创建一个注册页面,我只是将后期数据放入数据库。我用旧式msql_connect做了很多次,但是面向对象的风格让我很烦恼。这是我的代码。

$db = new mysqli(info is all corrected as i tested database connectivity);

 if ($db->connect_errno > 0){
die('unable to connect to database [' . $db->connect_error . ']');
}
else {
    echo('conenction successful');
}

    $fname = $_POST['fname'];  
    $lname = $_POST['lname']; 
    $uname = $_POST['uname']; 
    $email = $_POST['email']; 
    $email1 = $_POST['emai1']; 
    $ad1 = $_POST['ad1']; 
    $ad2 = $_POST['ad2']; 
    $town = $_POST['town']; 
    $city = $_POST['city']; 
    $postcode = $_POST['postcode'];
    $mphone =  $_POST['mphone'];
    $hphone = $_POST['hphone'];
    $password ="hh";
    if (!($stmt->$db->prepare("INSERT INTO `users` (`username`, `fname`, `lname`, 
                            `password`, `email`, `address1`, `address2`, `town`, 
                            `city`, `postcode`, `mphone`, `hphone`)
                            VALUES
                            (?,?,?,?,?,?,?,?,?,?,?,?)")))
    {
        echo "Prepare failed: (" . $db->errno . ")" . $db->error;
        }

    if (!$stmt->bind_param("ssssssssssii",  $uname, $fname, $lname, $password, $email, $ad1, $ad2, $town, $city, $postcode, $mphone, $hphone))
    {
        echo "binding parameters failed: (" . $stmt->errno . ")" . $stmt->error;
    }               
    if (!$stmt->execute()) {
        echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}

users表的数据库架构就是这个。 

CREATE TABLE `users` (

id int(11)unsigned NOT NULL AUTO_INCREMENT,   username varchar(10)NOT NULL DEFAULT'',   fname varchar(11)NOT NULL,   lname varchar(11)NOT NULL,   password varchar(50)NOT NULL DEFAULT'',   email varchar(40)NOT NULL DEFAULT'',   access int(8)NOT NULL DEFAULT'1',   address1 varchar(50)DEFAULT NULL,   address2 varchar(50)DEFAULT NULL,   town varchar(25)DEFAULT NULL,   city varchar(20)DEFAULT NULL,   postcode varchar(8)DEFAULT NULL,   mphone int(11)DEFAULT NULL,   hphone int(11)DEFAULT NULL,   salt varchar(50)DEFAULT NULL,   主要关键(id) )ENGINE = InnoDB AUTO_INCREMENT = 4 DEFAULT CHARSET = latin1;

有人可以指出我正确的方向与我出错的地方。

1 个答案:

答案 0 :(得分:-1)

试试这个(根据您的需要调整):

<?php

if (!$stmt = $db->prepare(/* I'm not gonna write all this down :P */)) {
    // Error output (or better log them somewhere, users don't have to see this stuff)
    return;
}
$stmt->bind_param("ssssssssssii", $uname, $fname, $lname, $password, $email, $ad1, $ad2, $town, $city, $postcode, $mphone, $hphone);
if (!$stmt->execute()) {
    // Error output (again, better to log them somewhere)
    return;
}
相关问题
最新问题