include 'connect.php';
if ($stmt = $mysqli->prepare("INSERT users (user_name, user_pass) VALUES (mysql_real_escape_string ($_POST['user_name'], sha1($_POST['user_pass']"))
{
$stmt->bind_param("ss", $user_name, $user_pass);
$stmt->execute();
$stmt->close();
}
我在上面的代码行中得到了这个错误,我已经盯着它看了很久但却无法弄清楚出了什么问题。我是PHP,MySQL和HTML的新手。请帮帮我。
Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\xampp\htdocs\signup.php on line 77
答案 0 :(得分:2)
好消息是你要做好准备,坏消息是你做错了:
$username = $_POST['user_name'];
$password = $_POST['user_pass'];
$query = "INSERT users (user_name, user_pass) VALUES (?, sha1(?)) ";
/* create a prepared statement */
if ($stmt = $mysqli->prepare($query)) {
/* bind parameters for markers */
$stmt->bind_param("ss", $username, $password);
/* execute query */
$stmt->execute();
/* close statement */
$stmt->close();
}
/* close connection */
$mysqli->close();
<强>的问题:
mysql_real_escape_string已弃用mysqli_real_escape_string将毫无用处