我正在尝试做一个反mysql注入代码,但是当我试图运行它时我得到了这个错误:
致命错误:在第75行的/home/u688809913/public_html/testing/apply/php/adminfunctions.php中调用非对象的成员函数bind_param()
下面是代码:
$mysqli = new mysqli($servername, $username, $password, $dbname);
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
$stmt4 = $mysqli->prepare("UPDATE settings
SET (q1=?, q2=?, q3=?, q4=?, q5=?, q6=?, q7=?, q8=?, q9=?, q10=?,
q11=?, q12=?, q13=?, q14=?, q15=?, q16=?, q17=?, q18=?, q19=?,
q20=?)");
$stmt4->bind_param("ssssssssssssssssssss", $qe1, $qe2, $qe3, $qe4, $qe5,
$qe6, $qe7, $qe8, $qe9, $qe10, $qe11, $qe12, $qe13, $qe14, $qe15,
$qe16, $qe17, $qe18, $qe19, $qe20 );
$qe1 = trim($mysqli->real_escape_string($_POST['q1']));
$qe2 = trim($mysqli->real_escape_string($_POST['q2']));
$qe3 = trim($mysqli->real_escape_string($_POST['q3']));
$qe4 = trim($mysqli->real_escape_string($_POST['q4']));
$qe5 = trim($mysqli->real_escape_string($_POST['q5']));
$qe6 = trim($mysqli->real_escape_string($_POST['q6']));
$qe7 = trim($mysqli->real_escape_string($_POST['q7']));
$qe8 = trim($mysqli->real_escape_string($_POST['q8']));
$qe9 = trim($mysqli->real_escape_string($_POST['q9']));
$qe10 = trim($mysqli->real_escape_string($_POST['q10']));
$qe11 = trim($mysqli->real_escape_string($_POST['q11']));
$qe12 = trim($mysqli->real_escape_string($_POST['q12']));
$qe13 = trim($mysqli->real_escape_string($_POST['q13']));
$qe14 = trim($mysqli->real_escape_string($_POST['q14']));
$qe15 = trim($mysqli->real_escape_string($_POST['q15']));
$qe16 = trim($mysqli->real_escape_string($_POST['q16']));
$qe17 = trim($mysqli->real_escape_string($_POST['q17']));
$qe18 = trim($mysqli->real_escape_string($_POST['q18']));
$qe19 = trim($mysqli->real_escape_string($_POST['q19']));
$stmt4->execute();
header('Location: '.$indexurl.'admin.php?p=3');
$stmt4->close();
$mysqli->close();
我读了另一篇文章,但我无法解决这个问题