我是新手,出于安全目的尝试使用准备好的语句时遇到错误。致命错误:未捕获错误:调用成员函数prepare()中的null
我正在尝试使用从HTML表单捕获的数据来设置一个“简单的”准备好的语句来更新数据库记录。 InnoDB v10。我认为我的变量和/或其他语法可能存在问题。任何帮助,我们都感激不尽。 :-)
<!DOCTYPE html>
<html>
<body>
<?php
$hostname = "***";
$username = "***";
$password = "***";
$db = "***";
$dbconnect=mysqli_connect($hostname,$username,$password,$db);
if ($dbconnect->connect_error) {
die("Database connection failed: " . $dbconnect->connect_error);
}
if(isset($_POST['submit'])) {
$RedeemableCode=$_POST['RedeemableCode'];
$FirstName=$_POST['FirstName'];
$LastName=$_POST['LastName'];
$Address1=$_POST['Address1'];
$Address2=$_POST['Address2'];
$City=$_POST['City'];
$State=$_POST['State'];
$Zip=$_POST['Zip'];
$Country=$_POST['Country'];
$stmt = $mysqli->prepare("UPDATE Orders SET RedeemableCode = ?,FirstName = ?,LastName = ?,Address1 = ?,Address2 = ?,City = ?,State = ?,Zip = ?,Country = ?,OrderDate = NOW() WHERE Status='Not Redeemed' and RedeemableCode = '$RedeemableCode' ");
$stmt->bind_param("sssssssss", $_POST['RedeemableCode'], $_POST['FirstName'] , $_POST['LastName'], $_POST['Address1'], $_POST['Address2'], $_POST['City'], $_POST['State'], $_POST['Zip'], $_POST['Country']);
$ stmt-> execute();
$affected_rows= mysqli_stmt_affected_rows ($stmt);
if ($affected_rows ==1){
echo 'Thanks for your order. Your order is scheduled to arrive in 4-6 weeks.';
mysqli_stmt_close($stmt);
mysqli_close($dbconnect);
} else {
echo 'Ooops. The code that you have entered is either not valid or was previously redeemed.';
echo mysqli_error();
mysqli_stmt_close($stmt);
mysqli_close($dbconnect);
}
}
?>
</body>
</html>