在我的情况下,在php中插入的准备语句失败

时间:2014-02-14 02:59:45

标签: php mysql mysqli

我正在使用ajax而且我无法告诉错误是什么,但我确定数据已插入我的数据库中。这是我试过的:

if(isset($_POST['user_id']) && isset($_POST['content']) && isset($_POST['date']) && isset($_POST['category_id'])){

    $content = $_POST['content'];
    $date = $_POST['date'];
    $user_id = $_POST['user_id'];
    $category_id = $_POST['category_id'];

    $stmt = $db->prepare("INSERT INTO post_items(`post_id`,`content`,`date`,`user_id`,`category_id`) 
        VALUES (?,?,?,?)");
    $stmt = bind_param('ssii',$content,$date,$user_id,$category_id);

    if($stmt->execute()) { 
        echo mysqli_insert_id($db);

    }else{
        echo "Something is wrong. Insert failed..";
    }
}

我的旧工作版本(缺乏安全性)如下所示:

if(isset($_POST['user_id']) && isset($_POST['content']) && isset($_POST['date']) && isset($_POST['category_id'])){

    $content = $_POST['content'];
    $date = $_POST['date'];
    $user_id = $_POST['user_id'];
    $category_id = $_POST['category_id'];

/*  $result = $db->query("INSERT INTO post_items(`content`,`date`,`user_id`,`category_id`) 
        VALUES (".$content."', '".$date."', '".$user_id."', '".$category_id."')");*/

    $stmt = $db->prepare("INSERT INTO post_items(`post_id`,`content`,`date`,`user_id`,`category_id`) 
        VALUES (?,?,?,?)");
    $stmt = bind_param('ssii',$content,$date,$user_id,$category_id);

    if($stmt->execute()) { 
        echo mysqli_insert_id($db);

    }else{
        echo "Something is wrong. Insert failed..";
    }
}

我不确定我在这里做错了什么,因为这是我第一次使用这种材料。

1 个答案:

答案 0 :(得分:0)

首先,您没有绑定与您指定的值相同数量的参数...

此外,您使用bind_param的方式是错误的。它应该是

if(isset($_POST['user_id']) && isset($_POST['content']) && isset($_POST['date']) && isset($_POST['category_id'])){

    $content = $_POST['content'];
    $date = $_POST['date'];
    $user_id = $_POST['user_id'];
    $category_id = $_POST['category_id'];

    $stmt = $db->prepare("INSERT INTO post_items(`content`,`date`,`user_id`,`category_id`) 
        VALUES (?,?,?,?)");
    $stmt->bindParam(1, $content);
    ...
    $stmt->bindParam(4, $category_id);

    if($stmt->execute()) { 
        echo mysqli_insert_id($db);

    }else{
        echo "Something is wrong. Insert failed..";
    }
}

或者您也可以执行以下操作:

if(isset($_POST['user_id']) && isset($_POST['content']) && isset($_POST['date']) && isset($_POST['category_id'])){

    $content = $_POST['content'];
    $date = $_POST['date'];
    $user_id = $_POST['user_id'];
    $category_id = $_POST['category_id'];

    $stmt = $db->prepare("INSERT INTO post_items(`content`,`date`,`user_id`,`category_id`) 
        VALUES (?,?,?,?)");

    if($stmt->execute(array($content,$date,$user_id,$category_id))) { 
        echo mysqli_insert_id($db);

    }else{
        echo "Something is wrong. Insert failed..";
    }
}

也只是为了让你知道,pdo有一个方法来获取最后一个id,所以代替      mysqli_insert_id 你可以用      $ stmt-> lastInsertId()

if(isset($_POST['user_id']) && isset($_POST['content']) && isset($_POST['date']) && isset($_POST['category_id'])){

    $content = $_POST['content'];
    $date = $_POST['date'];
    $user_id = $_POST['user_id'];
    $category_id = $_POST['category_id'];

    $stmt = $db->prepare("INSERT INTO post_items(`content`,`date`,`user_id`,`category_id`) 
        VALUES (?,?,?,?)");
    $stmt->bindParam(1, $content);
    ...
    $stmt->bindParam(4, $category_id);

    if($stmt->execute()) { 
        echo $stmt->lastInsertId();

    }else{
        echo "Something is wrong. Insert failed..";
    }
}
相关问题
最新问题