我是php初学者,我试图将数据插入表中。我收到错误:
语法错误,意外T_STRING
这是我的代码:
$value = $_POST['IME_KLUBA'];
$value1 = $_POST['ID_SPORT'];
$value2 = $_POST['ID_SAVEZ'];
$stmt = $mysqli->global prepare("INSERT INTO klub(IME_KLUBA, ID_SPORT, ID_SAVEZ) VALUES ('$value', '$value1', '$value2')");
$stmt->bind_param('sssdi',$_POST['IME_KLUBA'],$_POST['ID_SPORT'],$_POST['ID_SAVEZ']);
$stmt->execute();
$stmt->close();
答案 0 :(得分:2)
由于您没有提供mysqli连接的实例且问题中找不到它,请确保您拥有:
$mysqli = new mysqli('localhost', 'username', 'password', 'database_name');
这就是使用预准备语句的全部意义,你绑定那些输入,你不要在查询语句中直接注入它们
$value = $_POST['IME_KLUBA'];
$value1 = $_POST['ID_SPORT'];
$value2 = $_POST['ID_SAVEZ'];
// use placeholders in your query statement, don't directly inject your inputs
$stmt = $mysqli->prepare("INSERT INTO klub(IME_KLUBA, ID_SPORT, ID_SAVEZ) VALUES (?, ?, ?)");
// the number of types that you have given must correspond on how many inputs you are going to bind
$stmt->bind_param('sss',$value, $value1, $value2);
$stmt->execute();
$stmt->close();
我恳请您阅读手册:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php