如何执行PHP的安全查询

时间:2014-05-09 22:22:11

标签: php mysql database

$con = mysqli_connect('localhost', 'root','', 'dbname');
if(filter_input(INPUT_POST, "register")){
$username = filter_input(INPUT_POST,'username');
$password = filter_input(INPUT_POST,'password');
$email = filter_input(INPUT_POST,'email');

$stmtInsertUser = $con -> prepare("INSERT INTO tbl_users (username, password, email) values (?, ?, ?)");

$stmtInsertUser -> bind_param($username, $password, $email);

$stmtInsertUser -> execute();

}

这是我的代码,它会返回此错误

Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables in C:\xampp\htdocs\xxx\xxx\PHPregister.php on line 10

谢谢!

2 个答案:

答案 0 :(得分:1)

bind_param的第一个参数是进入的输入类型列表

根据手册:http://www.php.net/manual/en/mysqli-stmt.bind-param.php(s是字符串)

$stmtInsertUser -> bind_param('sss',$username, $password, $email);

答案 1 :(得分:1)

尝试

$stmtInsertUser->bind_param('sss',$username, $password, $email);