使用PHP中的预准备语句将爆炸值插入表中

时间:2017-02-19 22:23:42

标签: php

我正在尝试explode() $_GET['tri']变量值 (localhost/index.php?tri=*POST BUS*2017-09-01*13:00:00*NDOLA*lusaka*MWILA KAUNDA*0963454336*)然后直接将爆炸值写入数据库。

以下是代码:

function x(){
    $Conn = new mysqli('127.0.0.1','root','','app');
    //connect
    if (!$Conn->connect_error) {
        //query
        $query = "INSERT INTO POST_BUS (service, day, time, from, to, name, phone) VALUES(?, ?, ?, ?, ?, ?, ?)";
        //prepare stmt
        $stmt = $Conn->prepare($query);
        //explode tri
        $expl = explode('*', $_GET['tri']);
        //categorise
        $service = "$expl[1]";
        $day = "$expl[2]";
        $time = "$expl[3]";
        $from = "$expl[4]";
        $to = "$expl[5]";
        $name = "$expl[6]";
        $phone = "$expl[7]";
        //dispatch tri
        $stmt->bind_param('sssssss','".$service."','".$day."','".$time."','".$from."','".$to."','".$name."','".$phone."');
        //exe
        if ($stmt->execute()) {
            print('success!');
        }
        else{
            die('error');
        }
    }
    else{
        print('try later!!!');
    }
}

我收到此错误:

  

致命错误:未捕获错误:在C:\ xampp \ htdocs \ index.php中调用boolean上的成员函数bind_param():29堆栈跟踪:#0 C:\ xampp \ htdocs \ index.php(43) :x()#1 {main}在第29行的C:\ xampp \ htdocs \ index.php中抛出

我哪里错了?

1 个答案:

答案 0 :(得分:1)

$query = "INSERT INTO POST_BUS(service, day, time, `from`, `to`, name, phone) VALUES(?, ?, ?, ?, ?, ?, ?);";
    //prepare stmt
    $stmt = $Conn->prepare($query);
    if (!$stmt) {
       die($Conn->error);
    }

是保留字,应该引用。有关mysql中保留字的完整列表,请visit the following link