doudou_3636 2014-04-07 12:06
浏览 617
已采纳

警告:mysqli_stmt_bind_param()期望参数1是mysqli_stmt,给定布尔值? [重复]

this is the first time ever that I am trying to secure my code against sql injection using mysqli prepared statement. so please be gentle and explain things in simple terms so I can understand it.

Now I am using the following code which I thought i was right but it throws these errors and I do not understand that at all.

here is the errors:

  1. Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in on line 92
  2. Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in on line 93
  3. Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, boolean given in on line 96

here is the code:

  1. $stmt = mysqli_prepare(
  2. $db_conx,
  3. "INSERT $storenameTable (firstname, lastname, username, address_1, address_2, postcode, country, county, city, email, password, storeShop, signupdate) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
  4. );
  5. //after validation, of course
  6. mysqli_stmt_bind_param($stmt, "issi", $firstname, $lastname, $username, $address_1, $address_2, $postcode, $country, $county, $city, $email, $hashedPass, $storenameTable);
  7. mysqli_stmt_execute($stmt); <//<<<<<<<< line 92
  8. if (mysqli_affected_rows($db_conx)) <//<<<<<<<< line 93
  9. {
  10. mysqli_stmt_close($stmt); <//<<<<<<<< line 96
  11. //update was successful
  12. $id = mysqli_insert_id($db_conx);
  13. }

i would appreciate your help.

</div>
  • 写回答

2条回答 默认 最新

  • doz22551 2014-04-07 12:16
    关注

    It seems that you have a missing parameter, you should have 13 parameters and 13 ? check the two parameters after password. (I took out signupdate) try the below :

    $stmt = mysqli_prepare(
        $db_conx,
        "INSERT INTO $storenameTable (firstname, lastname, username, address_1, address_2, postcode,  country, county, city, email, password, storeShop) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
    );
    //after validation, of course
    mysqli_stmt_bind_param($stmt, "issi", $firstname, $lastname, $username, $address_1, $address_2, $postcode, $country, $county, $city, $email, $hashedPass, $storenameTable);
    mysqli_stmt_execute($stmt);     <//<<<<<<<< line 92
    if (mysqli_affected_rows($db_conx))     <//<<<<<<<< line 93
    {
        mysqli_stmt_close($stmt);  <//<<<<<<<< line 96
        //update was successful
        $id = mysqli_insert_id($db_conx);
    }
    

    You also can get more details on the last error by using var_dump(mysqli_error($db_conx));

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)
编辑
预览

报告相同问题?

悬赏问题

  • ¥15 ArcGIS Pro时空模式挖掘工具
  • ¥15 获取到海康hls的视频地址是http协议导致无法正常播放
  • ¥15 seL4如何实现从终端输入数据
  • ¥15 方波信号时频特征分析/信号调制与解调过程分析/利用DFT分析信号频谱
  • ¥20 两台硬件相同的琴设备一个是高阶版,怎么扒到初阶版
  • ¥30 matlab求解周期与坐标
  • ¥15 MATLAB图片转灰度格式问题
  • ¥15 把h5作品链接复制到自己的账号里
  • ¥15 ensp抓包实验配置
  • ¥15 强化学习算法、MRO
手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

客服 返回
顶部