您好我希望可以分享光明。我相信到目前为止我取得了进展。我在这里注册:
我想要做的是在发送数据库之前清理我的数据。
<?php
session_start();
if(is_file('include/connection.php'))
include_once('include/connection.php');
else
exit('Database FILES MISSING:(');
if(isset($_POST['submit'])) {
$errors = array();
$data = array();
$name = mysqli_real_escape_string($_POST['name']);
$last_name = $_POST['last_name'];
$user_name = $_POST['user_name'];
$user_type = $_POST['user_type'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
// $created_at = $_POST['created_at'];
$password_hash = password_hash($password, PASSWORD_DEFAULT);
//$created_at = date('Y-m-d');
if(!($stmt = $mysqli->prepare("INSERT INTO user (name, last_name, user_name, user_type, email, password)
VALUES (?,?,?,?,?,?)"))){
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
if(!$stmt->bind_param('ssssss', $name, $last_name, $user_name, $user_type, $email, $password_hash)){
echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: (" . $stmt->errno .")" . $stmt->error;
}
if($stmt) {
$_SESSION['main_notice'] = "Successfully registered, login here!";
header('Location: index.php');
}
else{
echo "Registration failed";
}
}
$mysqli->close();
?>
执行失败:(1048)列&#39;名称&#39;不能为空
以上是我提交数据时收到的错误。
尝试过使用mysqli_real_escape_string和mysqli->real_escape_string
如果我仍然需要进行satinized甚至可以绑定数据,那么可以提供一些建议。
同样在我的数据库中,我有created_at字段。见下面的代码。
$created_at = $_POST['created_at'];
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$created_at = date('Y-m-d');
if(!($stmt = $mysqli->prepare("INSERT INTO user (name, last_name, user_name, user_type, email, password, created_at)
VALUES (?,?,?,?,?,?)"))){
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
if(!$stmt->bind_param('ssssss', $name, $last_name, $user_name, $user_type, $email, $password_hash, $created_at)){
echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
}
我收到此错误:
准备失败:(1136)列数与第1行的值计数不匹配 致命错误:在第30行的/home/olami560/public_html/project/allocation/progress/register.php中调用非对象的成员函数bind_param()
我们将不胜感激。感谢
答案 0 :(得分:0)
问题#1,mysqli_real_escape_string在程序上使用时需要连接链接。绑定时你不需要逃脱。如果你要逃脱它将是:
$name = mysqli_real_escape_string($mysqli, $_POST['name']);
或
$name = $mysqli->real_escape_string($_POST['name']);
问题#2,列出了7列,尝试编写了7个值,但只有6个占位符和6个字符串类型。
所以更新为:
if(!($stmt = $mysqli->prepare("INSERT INTO user (name, last_name, user_name, user_type, email, password, created_at)
VALUES (?,?,?,?,?,?,?)"))){
echo "Prepare failed: (" . $mysqli->errno . ")" . $mysqli->error;
}
if(!$stmt->bind_param('sssssss', $name, $last_name, $user_name, $user_type, $email, $password_hash, $created_at)){
echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
}
请注意?中s的数量,占位符以及bind_param中s的数量。如果缺失值是整数,则不是字符串将最后i更改为hit或任何数据类型。