在null上调用成员函数bindParam()

时间:2017-05-17 04:11:46

标签: php mysqli pdo data-binding prepared-statement

我创建了一个应该在我的数据库中添加新条目的页面,我只是在尝试上传文件时收到此消息:

  

在null

上调用成员函数bindParam()

我检查了我的代码,但在我的连接中看不到任何错误。

<?php

    error_reporting( ~E_NOTICE ); // avoid notice

    require_once 'dbconfig.php';

    if(isset($_POST['btnsave']))
    {
        $username = $_POST['user_name'];// user name
        $userjob = $_POST['user_job'];// user email

        $imgFile = $_FILES['user_image']['name'];
        $tmp_dir = $_FILES['user_image']['tmp_name'];
        $imgSize = $_FILES['user_image']['size'];


        if(empty($username)){
            $errMSG = "Please Enter Username.";
        }
        else if(empty($userjob)){
            $errMSG = "Please Enter Your Job Work.";
        }
        else if(empty($imgFile)){
            $errMSG = "Please Select Image File.";
        }
        else
        {

            $upload_dir = 'user_images/'; // upload directory

            $imgExt = strtolower(pathinfo($imgFile,PATHINFO_EXTENSION)); // get image extension

            // valid image extensions
            $valid_extensions = array('jpeg', 'jpg', 'png', 'gif', 'pdf', 'docx'); // valid extensions

            // rename uploading image
            $userpic = rand(1000,1000000).".".$imgExt;

            // allow valid image file formats
            if(in_array($imgExt, $valid_extensions)){           
                // Check file size '5MB'
                if($imgSize < 5000000)              {
                    move_uploaded_file($tmp_dir,$upload_dir.$userpic);
                }
                else{
                    $errMSG = "Sorry, your file is too large.";
                }
            }
            else{
                $errMSG = "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";        
            }
        }


        // if no error occured, continue ....
        if(!isset($errMSG))
        {

            $sql = "INSERT INTO user (fname, lname, memo, file) VALUES (:fname, :lname, :memo, :file) ON DUPLICATE KEY UPDATE memo=:memo2";
            $stmt->bindParam(':fname',$name);
            $stmt->bindParam(':lname',$lname);
            $stmt->bindParam(':memo',$memo);
            $stmt->bindParam(':file',$file);
            $stm->execute(array(":fname" => $fname, ":hash" => $hash, ":memo" => $memo, ":memo2" => $memo));

            if($stmt->execute())
            {
                $successMSG = "new record succesfully inserted ...";
                header("refresh:5;index.php"); // redirects image view page after 5 seconds.
            }
            else
            {
                $errMSG = "error while inserting....";
            }
        }
    }
?>

1 个答案:

答案 0 :(得分:0)

你从来没有准备过。永远不会声明$stmt。这是null警告的原因。

if($stmt=$conn->prepare(
      "INSERT INTO user (fname, lname, memo, file) VALUES (:fname, :lname, :memo, :file) ON DUPLICATE KEY UPDATE memo=:memo2"
    )
){
    // ... make sure you bind :memo2 as well.
    // don't load values into execute()
    // remove this line:  $stm->execute(array(":fname" => $fname, ":hash" => $hash, ":memo" => $memo, ":memo2" => $memo));
    // use if($stmt->execute()){...
}
相关问题
最新问题