dsh77114 2012-09-28 21:06

No data supplied for parameters in prepared statement (MySQLi, PHP)

I've been reworking my website from unprotected mysql queries to mysqli prepared statements and it all went well until I got this: No data supplied for parameters in prepared statement.

I've researched it to no avail and I am requesting the blinding awesomeness of this community to help me out.

if(empty($err)) {
    $pSETQuery  = NULL;
    if(!empty($_POST['password'])) {
        $pSETQuery .= ", password = ?";
    }
    if($session->isSuperuser()) {
        $pSETQuery .= ", usertype = ?";
    }
    if(!($stmt = $database->prepare("UPDATE user SET username = ?, email = ? $pSETQuery WHERE UserId = ?"))) {
        $err[] = "PREPARE FAILED.";
    }
    $stmt->bind_param("s", $_POST['username']);
    $stmt->bind_param("s", $_POST['email']);
    if(!empty($_POST['password'])) {
        $stmt->bind_param("s", $_POST['password']);
    }
    if($session->isSuperuser()) {
        $stmt->bind_param("s", $_POST['usertype']);
    }
    $stmt->bind_param("i", $_POST['userid']);
    if(!$stmt->execute()){
        $err[] = "Execute failed. ERROR: " . $stmt->error;
    }

}

Regards, Harry


  • dqo88037 2013-04-12 09:52

    Seems like you probably want to validate all of those fields before going ahead and updating their profile.

    if(empty($err)) {

        //Check for UserId, otherwise you can't update a profile
        if (empty($_POST['userid'])) {
            //Handle error here...
            exit;
        }

        $userid = $_POST['userid'];

        //Filter out all NULL values and replace with empty strings (safety first!)
        $username = empty($_POST['username']) ? '' : $_POST['username'];
        $password = empty($_POST['password']) ? '' : $_POST['password'];
        $email = empty($_POST['email']) ? '' : $_POST['email'];
        $usertype = empty($_POST['usertype']) ? '' : $_POST['usertype'];

        //Collect the SET clause, the type string and the values together, so every
        //placeholder has exactly one type letter and one value, in the same order
        $pSETQuery = '';
        $types = 's';
        $params = array($email);
        //This check stops someone from being able to enter a blank username
        if (!empty($username)) {
            $pSETQuery .= ", username = ?";
            $types .= 's';
            $params[] = $username;
        }
        if (!empty($password)) {
            $pSETQuery .= ", password = ?";
            $types .= 's';
            $params[] = $password;
        }
        if (!empty($usertype) && $session->isSuperuser()) {
            $pSETQuery .= ", usertype = ?";
            $types .= 's';
            $params[] = $usertype;
        }
        $types .= 'i';
        $params[] = $userid;

        //Prepare statement
        if(!($stmt = $database->prepare("UPDATE user SET email = ? $pSETQuery WHERE UserId = ?"))) {
            $err[] = "PREPARE FAILED.";
        } else {
            //Bind all parameters in a single call: bind_param() needs the full type
            //string and every value at once, separate calls are not accumulated
            $stmt->bind_param($types, ...$params);

            //Execute statement
            if(!$stmt->execute()){
                $err[] = "Execute failed. ERROR: " . $stmt->error;
            }
        }
    }
    
    This answer was selected by the asker as the best answer.
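
An added example, not part of the original question or answers: a helper that builds the dynamic UPDATE from a column allow-list and hands every value to mysqli in one `bind_param()` call, since bindings from separate calls are not combined. The function names, the allow-list and the `password_hash()` step are assumptions made for illustration.

```php
<?php
// Added example; function names and the allow-list are illustrative assumptions.
// Returns [sql, types, values]; each "?" gets its type letter and value
// appended in the same step, so the three can never get out of step.
function build_user_update(array $input, bool $isSuperuser): array
{
    // Column => mysqli type letter. Column names come only from this list,
    // never from the request; usertype is offered to superusers only.
    $allowed = ['username' => 's', 'email' => 's', 'password' => 's'];
    if ($isSuperuser) {
        $allowed['usertype'] = 's';
    }
    $set = []; $types = ''; $values = [];
    foreach ($allowed as $column => $type) {
        if (!isset($input[$column]) || $input[$column] === '') {
            continue; // field not submitted: no placeholder, no value
        }
        // Assumption: the password column holds a password_hash() digest.
        $value = $column === 'password'
            ? password_hash($input[$column], PASSWORD_DEFAULT) : $input[$column];
        $set[] = "$column = ?";
        $types .= $type;
        $values[] = $value;
    }
    if (!$set || empty($input['userid'])) {
        throw new InvalidArgumentException('nothing to update or missing userid');
    }
    $types .= 'i';
    $values[] = (int) $input['userid'];
    $sql = 'UPDATE user SET ' . implode(', ', $set) . ' WHERE UserId = ?';
    if (substr_count($sql, '?') !== strlen($types) || strlen($types) !== count($values)) {
        throw new LogicException('placeholder/type/value count mismatch');
    }
    return [$sql, $types, $values];
}

function run_user_update(mysqli $db, array $input, bool $isSuperuser): bool
{
    [$sql, $types, $values] = build_user_update($input, $isSuperuser);
    $stmt = $db->prepare($sql);
    // One bind_param() call carries the full type string and every value;
    // mysqli does not accumulate bindings across separate calls.
    return $stmt !== false && $stmt->bind_param($types, ...$values) && $stmt->execute();
}

// Constructed input: a non-superuser submits usertype; it is ignored.
[$sql, $types] = build_user_update(['userid' => '7', 'username' => 'harry',
    'email' => 'h@example.test', 'usertype' => 'admin'], false);
echo $sql, "\n", $types, "\n";
```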