如何执行PHP的安全查询

Question

$con = mysqli_connect('localhost', 'root','', 'dbname');
if(filter_input(INPUT_POST, "register")){
$username = filter_input(INPUT_POST,'username');
$password = filter_input(INPUT_POST,'password');
$email = filter_input(INPUT_POST,'email');

$stmtInsertUser = $con -> prepare("INSERT INTO tbl_users (username, password, email) values (?, ?, ?)");

$stmtInsertUser -> bind_param($username, $password, $email);

$stmtInsertUser -> execute();

}

这是我的代码，它会返回此错误

Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in C:\xampp\htdocs\xxx\xxx\PHPregister.php on line 10

谢谢！

Answer 1

bind_param的第一个参数是进入的输入类型列表

根据手册：http://www.php.net/manual/en/mysqli-stmt.bind-param.php（s是字符串）

$stmtInsertUser -> bind_param('sss',$username, $password, $email);

Answer 2

尝试

$stmtInsertUser->bind_param('sss',$username, $password, $email);