将值插入表格 - >语法错误,意外T_STRING

时间:2014-12-09 01:02:38

标签: php mysql

我是php初学者,我试图将数据插入表中。我收到错误:

语法错误,意外T_STRING

这是我的代码:

   $value = $_POST['IME_KLUBA'];
    $value1 = $_POST['ID_SPORT'];
    $value2 = $_POST['ID_SAVEZ'];


    $stmt = $mysqli->global prepare("INSERT INTO klub(IME_KLUBA, ID_SPORT, ID_SAVEZ) VALUES ('$value', '$value1', '$value2')");
    $stmt->bind_param('sssdi',$_POST['IME_KLUBA'],$_POST['ID_SPORT'],$_POST['ID_SAVEZ']);
    $stmt->execute(); 
    $stmt->close();

1 个答案:

答案 0 :(得分:2)

由于您没有提供mysqli连接的实例且问题中找不到它,请确保您拥有:

$mysqli = new mysqli('localhost', 'username', 'password', 'database_name');

这就是使用预准备语句的全部意义,你绑定那些输入,你不要在查询语句中直接注入它们

$value = $_POST['IME_KLUBA'];
$value1 = $_POST['ID_SPORT'];
$value2 = $_POST['ID_SAVEZ'];

// use placeholders in your query statement, don't directly inject your inputs
$stmt = $mysqli->prepare("INSERT INTO klub(IME_KLUBA, ID_SPORT, ID_SAVEZ) VALUES (?, ?, ?)");

// the number of types that you have given must correspond on how many inputs you are going to bind
$stmt->bind_param('sss',$value, $value1, $value2);
$stmt->execute(); 
$stmt->close();

我恳请您阅读手册:

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php