dsh77114 2012-09-28 21:06
浏览 132
已采纳

没有为准备好的语句MySQLi PHP中的参数提供数据

I've been reworking my website from unprotected mysql queries to mysqli prepared statements and it all went well until I got this: No data supplied for parameters in prepared statement.

I've researched it to no avail and I am requesting the blinding awesomeness of this community to help me out.

if(empty($err)) {
    $pSETQuery  = NULL;
    if(!empty($_POST['password'])) {
        $pSETQuery .= ", password = ?";
    }
    if($session->isSuperuser()) {
        $pSETQuery .= ", usertype = ?";
    }
    if(!($stmt = $database->prepare("UPDATE user SET username = ?, email = ? $pSETQuery WHERE UserId = ?"))) {
        $err[] = "PREPARE FAILED.";
    }
    $stmt->bind_param("s", $_POST['username']);
    $stmt->bind_param("s", $_POST['email']);
    if(!empty($_POST['password'])) {
        $stmt->bind_param("s", $_POST['password']);
    }
    if($session->isSuperuser()) {
        $stmt->bind_param("s", $_POST['usertype']);
    }
    $stmt->bind_param("i", $_POST['userid']);
    if(!$stmt->execute()){
        $err[] = "Execute failed. ERROR: " . $stmt->error;
    }

}

Regards, Harry

  • 写回答

4条回答 默认 最新

  • dqo88037 2013-04-12 09:52
    关注

    Seems like you probably want to validate all of those fields before going ahead and updating their profile.

    if(empty($err)) {

    //Check for UserId, otherwise you can't update a profile
    if (empty($_POST['userid'])) {
        //Handle error here...
        exit;
    }

    $userid = $_POST['userid'];

    //Filter out all NULL values and replace with empty strings (safety first!)
    $username = empty($_POST['username']) ? '' : $_POST['username'];
    $password = empty($_POST['password']) ? '' : $_POST['password'];
    $email = empty($_POST['email']) ? '' : $_POST['email'];
    $usertype = empty($_POST['usertype']) ? '' : $_POST['usertype'];

    $pSETQuery  = '';
    $pSETQuery .= !empty($username) ? ", username = ?" : "";
    $pSETQuery .= !empty($password) ? ", password = ?" : "";
    $pSETQuery .= (!empty($usertype) && $session->isSuperuser()) ? ", usertype = ?" : "";
    //This line stops someone from being able to enter a blank username

    //Prepare statement
    if(!($stmt = $database->prepare("UPDATE user SET email = ? $pSETQuery WHERE UserId = ?"))) {
        $err[] = "PREPARE FAILED.";
    }

    //Bind parameters where appropriate
    $stmt->bind_param("s", $email);
    if(!empty($username)) $stmt->bind_param("s", $username);
    if(!empty($password)) $stmt->bind_param("s", $password);
    if($session->isSuperuser() && !empty($usertype)) $stmt->bind_param("s", $usertype);
    $stmt->bind_param("i", $userid);

    //Execute statement
    if(!$stmt->execute()){
        $err[] = "Execute failed. ERROR: " . $stmt->error;
    }
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥20 求快手直播间榜单匿名采集ID用户名简单能学会的
  • ¥15 DS18B20内部ADC模数转换器
  • ¥15 做个有关计算的小程序
  • ¥15 MPI读取tif文件无法正常给各进程分配路径
  • ¥15 如何用MATLAB实现以下三个公式(有相互嵌套)
  • ¥30 关于#算法#的问题:运用EViews第九版本进行一系列计量经济学的时间数列数据回归分析预测问题 求各位帮我解答一下
  • ¥15 setInterval 页面闪烁,怎么解决
  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历