<?php
$dbhost="00webhost.com";
$dbuser="a55826qwqw";
$dbpass="subseasdasd";
$dbname="asdasdas";
$con=mysqli_connect($dbhost,$dbuser,$dbpass,$dbname);
$name=$_POST["name"];
$username=$_POST["username"];
$phone=$_POST["phone"];
$mail=$_POST["mail"];
$password=$_POST["password"];
$statement=mysqli_prepare($con,"INSERT INTO mandi(nAme,uSername,pHoneno,mAil,pAssword) VALUES($name,$username,$phone,$mail,$password)") or die(mysqli_error($con));
mysqli_stmt_execute($statement);
mysqli_stmt_close($statement);
mysqli_close($con);
值来自android,即名称,用户名和其他人。 但是当我给出字符串而不是$ name,$ username等时,它会插入。 请告诉我哪里错了。
以上同样适用于本声明
$statement=mysqli_prepare($con,"INSERT INTO mandi(nAme,uSername,pHoneno,mAil,pAssword) VALUES('me','user',123,'mailw','user')");
将数据发送到服务器的android部分是
ArrayList<NameValuePair>dataToSend=new ArrayList<>();
dataToSend.add(new BasicNameValuePair("name",user.name));
dataToSend.add(new BasicNameValuePair("username",user.username));
dataToSend.add(new BasicNameValuePair("phone",user.phone+""));
dataToSend.add(new BasicNameValuePair("mail",user.mail));
dataToSend.add(new BasicNameValuePair("password", user.password));
HttpParams httpParams=new BasicHttpParams();
HttpConnectionParams.setConnectionTimeout(httpParams, CONNECTION_TIMEOUT);
HttpConnectionParams.setSoTimeout(httpParams, CONNECTION_TIMEOUT);
HttpClient client=new DefaultHttpClient();
HttpPost post=new HttpPost(SERVER_ADDRESS+"Register.php");
//Log.d("address",SERVER_ADDRESS+"Register.php");
try{
post.setEntity(new UrlEncodedFormEntity(dataToSend));
client.execute(post);
}catch (Exception e){
e.printStackTrace();
}
答案 0 :(得分:0)
这是我写的一个片段,用于我的基本bind_param函数。
// Assigned key
$var = ??
// Insert the new user into the database
$sql = "
INSERT INTO table (
column,...,...
)
VALUES (
?,..,..,)";
$insert_stmt = $mysqli->prepare($sql);
// Insert the new user into the database
if ($insert_stmt)
{
$insert_stmt->bind_param('ss',$var, $var);
// Execute the prepared query.
if (! $insert_stmt->execute()) {
echo 'error';
}
}
}