所以我的sqli遇到了麻烦。我不断收到错误消息(请参阅下文),但我无法找出原因。我是Mysqli的新手,始终无法使用Mysqli将变量安全地插入数据库中。我真的很感谢您的帮助。
致命错误:在第20行的/homepages/38/d735513801/htdocs/future/vehicleFormAdd.php中调用未定义的方法mysqli_stmt :: bindParam()
第20行也是我的第一个bindParam,它是:model
if (isset($_POST['addRecord'])) {
$vehicleFormSQL = $dbLink->prepare("INSERT INTO `db744544270`.`vehicleOrderForm` (`id`, `model`, `varient`, `stockno`, `vinNo`, `transmission`, `cc`, `colour`, `delivery`, `stock`, `status`, `customer`, `tax`, `financeSettlement`, `finance`, `comments`, `orderNo`, `editedBy`) VALUES (NULL, ':model', ':varient', ':stockno', ':vinNo', ':transmission', ':cc', ':colour', ':delivery', ':stock', ':status', ':customer', ':tax', ':financeSettlement', ':finance', ':comments', ':orderNo', ':editedBy')");
$vehicleFormSQL->bindParam(':model', $vehicleModel);
$vehicleFormSQL->bindParam(':varient', $vehicleVarient);
$vehicleFormSQL->bindParam(':stockno', $stockNumber);
$vehicleFormSQL->bindParam(':vinNo', $vinNumber);
$vehicleFormSQL->bindParam(':transmission', $transmission);
$vehicleFormSQL->bindParam(':cc', $cc);
$vehicleFormSQL->bindParam(':colour', $colour);
$vehicleFormSQL->bindParam(':delivery', $deliveryDate);
$vehicleFormSQL->bindParam(':stock', $stockStatus);
$vehicleFormSQL->bindParam(':status', $orderStatus);
$vehicleFormSQL->bindParam(':customer', $customerName);
$vehicleFormSQL->bindParam(':tax', $taxStatus);
$vehicleFormSQL->bindParam(':financeSettlement', $financeSettlement);
$vehicleFormSQL->bindParam(':finance', $finance);
$vehicleFormSQL->bindParam(':comments', $comments);
$vehicleFormSQL->bindParam(':orderNo', $orderNumber);
$vehicleFormSQL->bindParam(':editedBy', $name);
$vehicleModel = $_POST['vehicleModel'];
$vehicleVarient = $_POST['vehicleVarient'];
$stockNumber = $_POST['stockNumber'];
$vinNumber = $_POST['vinNumber'];
$transmission = $_POST['transmission'];
$cc = $_POST['cc'];
$colour = $_POST['colour'];
$deliveryDate = $_POST['deliveryDate'];
$stockStatus = $_POST['stockStatus'];
$orderStatus = $_POST['orderStatus'];
$customerName = $_POST['customerName'];
$customerName = trim($customerName);
$customerName = ucfirst($customerName);
$taxStatus = $_POST['taxStatus'];
$financeSettlemt = $_POST['financeSettlement'];
$finance = $_POST['finance'];
$comments = $_POST['comments'];
$comments = trim($comments);
$orderNumber = $_POST['orderNumber'];
$name = $fn." ".$ln;
$vehicleModel->execute();
}