自动生成数据绑定"没有数据提供参数"
我创建了一个脚本来查找表单发送的所有$_POST值,创建查询并绑定数据以通过MySQLi提交
它一直运行到最后并导致错误消息:
"没有为准备好的声明和#34;
中的参数提供数据
这让我感到难过,因为我的echo语句似乎表明数据已被传递和处理。
<?php
$user = "user";
$pw = "pw";
$url = "myURL";
$db = "myDB";
/*** create a new mysqli object with default database***/
$mysqli = @new mysqli($url, $user, $pw, $db);
/* check connection */
if(!mysqli_connect_errno())
{
/*** if we are successful ***/
echo 'Connected Successfully<br />';
/*** Create the SQL statement ***/
/***Put each variable on separate line so I can use spreadsheet
this helps make sure the number of values is equivalent in all parts ****/
$type = "'";
$params = "";
$valholder = "";
/*** Automatically read the variables sent from study software and generate the MySQLi binding */
foreach ($_POST as $param_name => $param_val) {
if(isset($_POST[$param_name])){
if($param_val==='Submit'){
}
else{
if(is_numeric($param_val)){
$type.="i";
$vals.=$param_val.",";
}
else{
$type.="s";
$vals.="'".$param_val."',";
}
//echo "Param: $param_name; Value: $param_val<br />\n";
$valholder.="?,";
$params.=$param_name.",";
}
}
}
$vals = rtrim($vals, ",");
$params = rtrim($params, ",");
$valholder = rtrim($valholder, ",");
$type.= "'";
echo $type.'<br />';
echo $vals.'<br />';
/*** Initialize a statement object for mysqli_stmt_prepare() ***/
$stmt = mysqli_stmt_init($mysqli);
/*** prepare the statement ***/
$sql = 'INSERT INTO myTable ('.$params.') VALUES('.$valholder.')';
echo $sql.'<br/>';
if (mysqli_stmt_prepare($stmt, $sql))
{
echo 'mysqli successfully prepared<br/>';
/*** bind the parameters ***/
}
else{
//die( 'stmt error: '.mysqli_stmt_error($stmt) );
Echo 'error with binding <br />';
}
mysqli_stmt_bind_param($stmt,$type,$vals);
/*** set parameters and execute ***/
if ( !mysqli_execute($stmt) ) {
die( 'stmt error: '.mysqli_stmt_error($stmt) );
}
}
else
{
/*** if we are unable to connect ***/
echo 'Unable to connect';
exit();
}
?>
回声输出为:
我错过了什么?