Function bind_param() on a non-object in my new code

Time: 2015-11-06 07:26:15

Tags: php mysql sql pdo

I am trying to change my PHP code to another, more secure one, so I changed my update.PHP page from this to:

<?php 
require_once ('../include/global.php');
$id=$_REQUEST['id']; 

  if (isset ($_POST['name'])) { 
$name = $_POST['name']; 
} 
if (isset ($_POST['remarcs'])) { 
$remarcs = $_POST['remarcs']; 
} 
if (isset ($_POST['test_res'])) { 
$test_res = $_POST['test_res']; 
} 
if (isset ($_POST['address'])) { 
$address = $_POST['address']; 
} 

if (isset ($_POST['date'])) { 
$date = $_POST['date']; 
} 

if (isset ($_POST['phone_num'])) { 
$phone = $_POST['phone_num']; 
}

if (isset ($_POST['illness'])) { 
$illness = $_POST['illness']; 
} 
if (isset ($_POST['echo'])) { 
$echo = $_POST['echo']; 
} 
if (isset ($_POST['pe'])) { 
$pe = $_POST['pe']; 
} 
if (isset ($_POST['pmhx'])) { 
$pmhx = $_POST['pmhx']; 
} 
if (isset ($_POST['pshx'])) { 
$pshx = $_POST['pshx']; 
} 
if (isset ($_POST['habbits'])) { 
$habbits = $_POST['habbits']; 
} 
if (isset ($_POST['occup'])) { 
$occup = $_POST['occup']; 
} 
if (isset ($_POST['allergy'])) { 
$allergy = $_POST['allergy']; 
} 

//Check file is uploaded or not 
//if (isset($_FILES['file']['name']) && $_FILES['file']['name']!='' && $_FILES['file']['error']=='') {
//$path2 = ... ; 
//move_uploaded_file(...);
if(is_uploaded_file($_FILES["file"]["tmp_name"]))
{
    $path = "../uploads/".$_FILES['file']['name'];
    move_uploaded_file($_FILES["file"]["tmp_name"], $path);
        $new_path = "./uploads/".$path;

}
else{
    $new_path = $_POST['org_path'];
//$path2 = "../uploads/".$_FILES['echo_photo']['name']; 
}
$sql=('UPDATE $tbl_name SET name = ?, 
echo_files = ?, 
remarcs = ?,
test_res = ?, 
date = ?, 
address = ?, 
phone_num = ?,
illness = ?,
echo = ?, 
pmhx = ?, 
pshx = ?, 
habbits = ?, 
occup = ?, 
allergy = ?,
pe = ?
WHERE id = ? ');
$stmt= $con->prepare($sql);
$stmt->bind_param("ssssssssssssssi", $name, $path, $remarcs, $test_res, $date, $address, $phone,
$illness, $echo, $pmhx, $pshx, $habbits, $occup, $allergy, $pe, $id);
$stmt->execute();

if($stmt->errno){
echo "FAILURE!!! " . $stmt->error;
}
 else { 
header("location:update_done.php");
}
?>

Now I get this error:

Fatal error: Call to a member function bind_param() on a non-object

So any help with this?

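3 answers:

Answer 0: (score: 1)

If an error occurs as described here, the prepare() method returns false. You should keep it inside an if statement.

Your query string will not interpolate the variable $tbl_name, because you are using single quotes. It can be fixed with '.$tbl_name.'.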

Answer 1: (score: 1)

Update your code to this.

$stmt= $con->prepare($sql) OR die('Some error occured');

Now if it dies, try to debug the code.

Answer 2: (score: 0)

Because you have not defined $tbl_name in your code

$sql=('UPDATE $tbl_name SET name = ?,.....

It will produce

UPDATE  SET name = ?...

Try setting the table name
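
The points raised in the three answers, combined in one added example that is not part of the original question or of any answer: the table name is interpolated in a double-quoted string only after an allowlist check (identifiers cannot be bound as `?` parameters), the result of prepare() is checked before bind_param() is called, and the type string is derived from the number of values. The helper names build_update() and update_row(), the table name `patients`, and the existing mysqli connection `$con` are assumptions.

```php
<?php
// Added example. build_update()/update_row() and the 'patients' table name are
// hypothetical; the column names are the ones used in the question.
const ALLOWED_TABLES  = ['patients'];
const ALLOWED_COLUMNS = ['name', 'echo_files', 'remarcs', 'test_res', 'date',
    'address', 'phone_num', 'illness', 'echo', 'pmhx', 'pshx', 'habbits',
    'occup', 'allergy', 'pe'];

// Build "UPDATE `t` SET `a` = ?, ... WHERE id = ?" and the matching type string.
function build_update(string $table, array $fields): array
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('table not allowed');
    }
    $unknown = array_diff(array_keys($fields), ALLOWED_COLUMNS);
    if ($fields === [] || $unknown !== []) {
        throw new InvalidArgumentException('no columns or unknown column');
    }
    $set = implode(', ', array_map(fn($c) => "`$c` = ?", array_keys($fields)));
    // Double quotes, so $table and $set are interpolated; values stay as ? markers.
    $sql = "UPDATE `$table` SET $set WHERE id = ?";
    // One "s" per column plus "i" for id, so the types always match the count.
    return [$sql, str_repeat('s', count($fields)) . 'i'];
}

function update_row(mysqli $con, string $table, array $fields, int $id): void
{
    [$sql, $types] = build_update($table, $fields);
    // From PHP 8.1 mysqli throws mysqli_sql_exception by default; older setups return false.
    $stmt = $con->prepare($sql);
    if ($stmt === false) {                            // the check the question's code lacks
        error_log('prepare failed: ' . $con->error);  // detail goes to the server log
        throw new RuntimeException('update failed');  // generic message for the caller
    }
    $values = array_values($fields);
    $values[] = $id;
    $stmt->bind_param($types, ...$values);
    if (!$stmt->execute()) {
        error_log('execute failed: ' . $stmt->error);
        throw new RuntimeException('update failed');
    }
    $stmt->close();
}

// Offline check of the builder with constructed input (no database needed).
[$sql, $types] = build_update('patients', ['name' => 'A', 'pe' => 'normal']);
echo $sql, PHP_EOL, $types, PHP_EOL;
```

With the question's 15 columns plus id, the derived type string has 16 characters, one per bound value.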