“没有为预准备语句中的参数提供数据”全局插入功能

时间:2014-06-08 16:34:43

标签: php mysql mysqli

我写了一个全局函数,用keysvalues获取数组,并将其插入到mysql db中。像这样的东西:

function insert_to_db($table, $data, $is_using_id) {

// I'm connecting to db before this code.
global $mysqli;

// .. Checking for errors ..

// .. if using id, remove the id from the values like this:

    $columns = array_keys($data);
    $values = array_values($data);

    if ($is_using_id == true) {
        unset($values[0]);
        // Reorder the array after unset()
        $values = array_merge($values);
    }
// ..

// Generating text for use at the mysqli::prepare

$columns_text = "";
$i = 0;

while ($i < count($columns)) {
    $column = $columns[$i];

    if ($i == 0) {
        $columns_text = $column;
    } else {
        $columns_text = $columns_text.", ".$column;
    }

    $i++;
}

unset($i);
unset($column);

$values_text = "";
// b_p_f is the $types string for mysqli-stmt::bind_param
$b_p_f = "";

// Generating text for use at the mysqli::prepare

$i = -1;

while ($i < count($values)) {

    echo "\$i equals to {$i}<br>";

    if ($is_using_id == true && $i == -1) {
        // Null because id is calculated automatically by mysql
        $values_text = "NULL";
    } else if ($is_using_id == false && $i == 0) {
        $value = $values[$i];

        $values_text = "?";

        if (is_numeric($value))
        {
            $b_p_f = 'i';
        } else { 
            $b_p_f = 's';
        }
    } else {
        $value = $values[$i];

        $values_text = $values_text.", ?";

        if (is_numeric($value))
        {
            echo "Value: {$value} Found as numberic<br>";
            $b_p_f = $b_p_f.'i';
        } else { 
            echo "Value: {$value} Found as non-numberic<br>";
            $b_p_f = $b_p_f.'s';
        }
    }

    $i++;
}

unset($i);
unset($value);

 echo "b_p_f:";
var_dump($b_p_f);
echo " values:";
var_dump($values);

$stmt = $mysqli->prepare("INSERT INTO ".$table." (".$columns_text.") VALUES (".$values_text.")");

if (!$stmt) {
    return array("error"=>"true", "error_mysqli"=>$mysqli->error, "MORE"=>"INSERT INTO ".$table." (".$columns_text.") VALUES (".$values_text.")");
}

$stmt->bind_param($b_p_f, $values);

if ($stmt->execute()) {
    return array("error"=>"false", "inserted_id"=>$mysqli->insert_id);
} else {
    return array("error"=>"true", "error_stmt"=>$stmt->error, "MORE"=>"INSERT INTO ".$table." (".$columns_text.") VALUES (".$values_text.")");
}
}

然后我打电话给函数:

function hash_password($password) {
$options = [ 'cost' => 12 ];

return password_hash($password, PASSWORD_BCRYPT,$options);
}

$data = array(
 "ID" => NULL,
 "first_name"   => "Alexander",
 "last_name"    => "Margolis",
 "email"        => "shay24590@gmail.com",
 "username"     => "smartDonkey",
 "password"     => "Incorrect",
 "birthday"     => "12-12",
 "date_added"   => time(),
 "total_points" => 0,
 "cafe_added"   => 0,
 "review_placed"=> 0);

$data["password"] = hash_password($data["password"]);

var_dump ( insert_to_db("user", $data, true) );

我在屏幕上看到

array(3) { ["error"]=> string(4) "true" ["error_stmt"]=> string(53) " 没有为准备好的陈述中的参数提供数据 " ["MORE"]=> string(178) "..." }

为什么我会这样?有什么问题?

另外,如果我将值{而不是?传递给mysql::prepare,它就可以了!所以 - 这意味着问题出在mysqli stmt bind_param ..

我知道这个问题与其他问题类似,但我没有找到一个可以解决问题的问题。抱歉我的英语和长期的功能。谢谢!

1 个答案:

答案 0 :(得分:1)

我已移至PDO,而不是致电$stmt->bind_param($b_p_f, $values);,您可以致电$pdo_stmt->execute($values),其中$values是数组。