drci47425 2016-01-24 21:02 采纳率: 100%
浏览 81
已采纳

用MySQLI写入数据库

I'm working on a project for a buddy of mine and we want to write our database calls in mysqli. I'm new to this and I've only used mysql commands which I know are out of date at this point. I keep getting Call to a member function query() on a non-object on line 30 which is my if ($mysqli->query($sql)) { command. Could anyone please point me in the right direction for this? I've tried looking it up in W3 schools. Here is my entire code:

// If the form is submitted, INSERT into table.
if (isset($_POST["submit"])) {

    // Define $username and $password.
    $username = $_POST['user_username'];
    $password = $_POST['user_password'];

    // Protect them from MySQL injection.
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysqli_real_escape_string($db, $username);
    $password = mysqli_real_escape_string($db, $password);
    $password = md5($password);

    // Run some queries.
        if ($_FILES["user_image"]["error"] > 0) {

            //Bad Output for form results red text
            echo "<font size = '5'><font color=\"#e31919\">Error: NO CHOSEN FILE <br />";
            echo"<p><font size = '5'><font color=\"#e31919\">INSERT TO DATABASE FAILED";

        } else {

            move_uploaded_file($_FILES["user_image"]["tmp_name"],"uploads/" . $_FILES["user_image"]);
            $file="uploads/".$_FILES["user_image"];
            $image_title = addslashes($_REQUEST['user_image']);
            $sql="INSERT INTO users (user_fname, user_lname, user_image, user_phone, user_cell, user_email, user_username, user_password) VALUES ('$_POST[user_fname]', '$_POST[user_lname]', '$_POST[user_image]', '$_POST[user_phone]', '$_POST[user_cell]', '$_POST[user_email]', '$username', '$password')";
            if ($mysqli->query($sql)) {
                die('Error: ' . $mysqli->error);
            }

            //Good Output for form results green text   
            echo '
             <form enctype="multipart/form-data" action="insert_image.php" method="post" name="changer">
                <div style="padding:10px;">
                    <h2 style="font-size: 28px;">Success!</h2>
                    <p style="font-size: 18px;">Your file has been successfully uploaded!</p>
                </div>     
            </form>';
        }
}

Thanks!

  • 写回答

2条回答 默认 最新

  • dongyudun6465 2016-01-24 21:26
    关注

    Here's your non-object $_POST[user_image] in your VALUES, where you used $_FILES["user_image"] everywhere else but there's no input for it anywhere in what you posted for code. We're dealing with a file here and not an text input.

    I.e.: <input type="file" name="user_image">

    • Only YOU know that.

    Plus, you need to use the connection variable you're really using, if it's $db, or $mysqli and if you successfully connected to your database, or chose the right database and table.

    • Again, only YOU know that.

    Then this:

    $image_title = addslashes($_REQUEST['user_image']);

    You should use $_FILES and not $_REQUEST, since this implies that you may be using a GET method in your unshown "other" form.

    Reference:

    References:

    And use the error handling that fits your connection. Consult my Edit below.

    Also make sure that folder you're wanting to upload to, has the right permissions to write to it.

    Add error reporting to the top of your file(s) which will help find errors.

    <?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Then the rest of your code

    Sidenote: Displaying errors should only be done in staging, and never production.

    Also use var_dump();, echo and viewing your HTML source are additional tools that will help you during the debugging process.

    Additional notes:

    If you're wanting to upload that data as binary data in your table, then make sure that you're using the correct type.

    Such as TINYBLOB, BLOB, MEDIUMBLOB, and LONGBLOB.

    Another "only YOU know that".

    Reference:

    As stated by Matt in comments:

    And $file="uploads/".$_FILES["user_image"]; should be changed to $file="uploads/".$_FILES["user_image"]['name'];

    Changing both instances of "uploads/" . $_FILES["user_image"] to "uploads/".$_FILES["user_image"]['name']

    Consult the manual on move_uploaded_file():

    Passwords.

    I noticed you are using MD5 as a password hashing function. This function is no longer considered safe to use.

    Use one of the following:

    Other links:

    Important sidenote about column length:

    If and when you do decide to use password_hash() or crypt, it is important to note that if your present password column's length is anything lower than 60, it will need to be changed to that (or higher). The manual suggests a length of 255.

    You will need to ALTER your column's length and start over with a new hash in order for it to take effect. Otherwise, MySQL will fail silently.

    Edit:

    Seeing another one of your questions:

    I noticed PDO syntax $row = $stmt->fetch(PDO::FETCH_ASSOC); and where you are mixing with mysql_ functions $image = mysql_query....

    This tells me that you may still be mixing MySQL APIs. If your connection is PDO, then you cannot intermix those different APIs. You must use the same one from connecting to query.

    Consult the following on Stack:

    PDO with mysql_ - invalid
    PDO with mysqli_ - invalid
    mysql_ with mysqli_ - invalid

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 关于大棚监测的pcb板设计
  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器
  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)