为什么我的插入不能使用预准备语句?

时间:2015-08-21 16:42:59

标签: php html mysql

我刚刚了解到,准备好的语句比以前弃用的方法更适合使用。

我尝试了最好的能力和在线教程来完成这项工作并找出问题,但我没有运气,所以我在这里寻求帮助。

 <?php 
 $db = mysql_connect("localhost","root","Mylife2015") or die ("Couldn't   
 connect to SQL server");
 mysql_select_db("i-neo") or die("Couldn't select DB");

 session_start();
 if (isset($_SESSION['user_login'])) {
 $user = $_SESSION["user_login"];
 }
 else {
 $user = "";
 }


 $d  = date('Y-m-d h:i:s a', time());

 if(isset($_POST['log'])){
 $man = $_POST['artist_name'];
 $an = $_POST['album_name'];
 $sn = $_POST['song_name'];
 foreach($_FILES['files']['tmp_name'] as $key => $name_tmp){
     $name = $_FILES['files']['name'][$key];
     $tmpnm = $_FILES['files']['tmp_name'][$key];
     $type = $_FILES['files']['type'][$key];
     $size = $_FILES['files']['size'][$key];
     $dir = "uploads/".$name;
     $move = move_uploaded_file($tmpnm,$dir);
     if($move){
        $msi = $query = "INSERT INTO music ($user, $man, $an, $sn, $name, 
 $type, $size, $dir, $d) VALUES (?,?,?,?,?,?,?,?,?)";
             $stmt = $db->prepare($msi);
             $stmt->bind_param("sssssssss", $user, $man, $an, $sn, $name, 
 $type, $size, $dir, $d);
             $stmt->execute();
        if($msi){
            echo "<script>alert('Insert Successful')</script>";
        } else {
            echo "<script>alert('Upload Fail')</script>";
        }
    } else {
        echo "<script>alert('Uploaded Successfully')</script>";
    }
 }

 }
 ?>

这是我的表格:

 <form action="" method="post" enctype="multipart/form-data">
 <p>
    <label> Song</label>
    <input type="file" name="files[]" />
 </p>

 <p>
    <label> Artist Name</label>
    <input type="text" name="artist_name" />
 </p>

 <p>
    <label> Album Name</label>
    <input type="text" name="album_name" />
 </p>

 <p>
    <label> Song Name</label>
    <input type="text" name="song_name" />
 </p>

 <p>
    <input type="submit" name="log" value="Upload" />
 </p>

这是我的数据库表:

 CREATE TABLE IF NOT EXISTS `music` (
   `id` int(11) NOT NULL,
   `user` varchar(255) NOT NULL,
   `artist_name` varchar(255) NOT NULL,
   `audio_name` varchar(255) NOT NULL,
   `album_name` varchar(255) NOT NULL,
   `name` varchar(225) NOT NULL,
   `type` varchar(71) NOT NULL,
   `size` double NOT NULL,
   `directory` varchar(71) NOT NULL,
   `date_uplaoded` datetime NOT NULL
 ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;

1 个答案:

答案 0 :(得分:2)

您正在尝试将prepared statements与msql_一起使用而不支持它们,您需要通过以下方式建立连接:

    <?php
            $servername = "localhost";
            $username = "username";
            $password = "password";
            $dbname = "yourdbname";

            // Create connection
            $db = new mysqli($servername, $username, $password, $dbname);

            // Check connection
            if ($db->connect_error) {
                die("Connection failed: " . $db->connect_error);
            }

           // prepare and bind
      $stmt = $db->prepare("INSERT INTO tablename (name, fatherame, add)   VALUES (?, ?, ?)");
    $stmt->bind_param("sss", $name, $fathername, $add);

    // set parameters and execute
    $name = "Muneer Khan";
    $fathername = "Shabbir Khan";
    $add = "KingsStreet";
    $stmt->execute();
    $stmt->close();
    ?>
  

或者您也可以这样使用PDO:

<?php
$server = "localhost";
$user = "username";
$pass = "password";
$db = "yourdbname";

try {
    $conn = new PDO("mysql:host=$server;dbname=$db", $user, $password);

    // set the PDO error mode to exception
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // prepare sql and bind parameters
    $stmt = $db->prepare("INSERT INTO tablename (name, fathername, add)
    VALUES (:name, :fathername, :add)");

    $stmt->bindParam(':name', $name);
    $stmt->bindParam(':fathername', $fathername);
    $stmt->bindParam(':add', $add);

    $name = "Muneer Khan";
    $fathername = "Shabbir Khan";
    $add = "KingsStreet";
    $stmt->execute();
    }
catch(PDOException $e)
    {
    echo "Error: " . $e->getMessage();
    }
$db = null;
?>