我试图使用预准备语句在数据库中输入数据。毫无准备的陈述有效,但这份准备好的陈述没有。我无法找出原因。 准备版本:
birthtown = StringField("Birthtown", filters = [lambda x: x or None])
未准备好的版本:
$stmt = $mysqli->prepare("INSERT INTO videos (file_name, upload_by, date, path)
VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $newstring, $id, $date->format('Y-m-d'), $location);
$stmt->execute();
答案 0 :(得分:0)
将$stmt-execute();
替换为$stmt->execute();
另外,请勿在查询中使用date
和path
。使用其他名称对其进行重命名,例如date1
和path1
。
更新您的查询,如下所示,肯定会有效(离线测试):
<?php
$mysqli = new mysqli('localhost', 'root', '', 'test2');
if ($mysqli->errno) {
printf("Connect failed: %s\n", $mysqli->error);
exit();
}
$stmt = $mysqli->prepare("INSERT INTO videos (file_name, upload_by, date1, path1) VALUES (?, ?, ?, ?)");
$stmt->bind_param('ssss', $file_name, $upload_by, $date1, $path1);
$date1 = date("Y-m-d");
$file_name = "test.jpg";
$upload_by = "amit";
$path1 = "test";
if ($result = $stmt->execute()){
echo "success";
$stmt->free_result();
} else {
echo "error";
}
$stmt->close();
?>
答案 1 :(得分:-1)
如果您只使用?,则将参数绑定两次?,不要再次绑定参数直接执行。
//Prepare your query first
$stmt = $mysqli->prepare("INSERT INTO videos (file_name, upload_by, date, path)
VALUES (?, ?, ?, ?)");
//Just pass your argument and execute directly without binding the parameter (The parameter is binded already)
$stmt->execute('ssss', $newstring, $id, $date->format('Y-m-d'), $location);