mysqli_stmt :: bind_param（）：类型定义字符串中的元素数与绑定变量警告数不匹配

My codes for the prevention of SQL injection isn't working. Can anyone help me?

I'm receiving this warning: Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables.

Thanks.

$mysqli = new mysqli('localhost', 'root', '', 'Muproj');    
$query="INSERT INTO tblmember VALUES (':id', ':uname' , ':passwrd' , ':name' , ':surname' ,':0' )";
$stmt = $mysqli->prepare($query);
$stmt->bind_param(':id', $newid);
$stmt->bind_param(':uname', $C_uname);
$stmt->bind_param(':passwrd', $C_passwrd);
$stmt->bind_param(':name', $C_name);
$stmt->bind_param( ':surname', $C_surname);
$stmt->bind_param(':0', '0');
$stmt->execute();
$result=mysql_query($stmt);

写回答
好问题 0 提建议
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duan0414 2015-03-29 13:36
关注
you appear to be mixing PDO syntax with MySQLi syntax.

Please read up on http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

I do not use PDO myself much, but I do use MySQLi, so your references as :something are PDO declarations, but the SQL functions you use are MySQLi.

With a MySQLi bind_param function you need to add all the data into an array-like row (it may actually be an array), but preceeded by a declaration of types, as in String, integer, Double and Blob.

I have rewritten your code in the MySQLi form:

$mysqli = new mysqli('localhost', 'root', '', 'Muproj'); $query="INSERT INTO tblmember VALUES (?, ? , ? , ? , ? ,? )"; $stmt = $mysqli->prepare($query); $stmt->bind_param("issssi", $newid, $C_uname, $C_passwrd, $C_name, $C_surname, $zero) $stmt->execute(); //$result=mysqli_query($stmt);

You need to do some serious research as to the differences of approach and formatting and functionality between MySQLi and PDO. Also be careful to maintain ALL your MySQL as MySQLi , as for example your $result was using the deprectated MySQL query statement.

PS: I would also suggest for clarity and forward compatibility that your INSERT statement in the SQL reads as:

INSERT INTO table_name (column_names1, column_name2, column_names3, ...) VALUES (?,?,?, ...)

So you and the SQL can clearly see which values are plugged into which columns.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

mysql bind variable_警告：mysqli_stmt_bind_param：类型定义字符串中的元素数与绑定变量数不匹配[重复](Warning: mysqli_stmt_bind_pa...
2021-02-07 06:08

zhuyurrr的博客警告：mysqli_stmt_bind_param：类型定义字符串中的元素数与绑定变量数不匹配[重复](Warning: mysqli_stmt_bind_param: Number of elements in type definition string doesn't match number of bind variables ...
mysql定义变量字符串类型_mysqli_stmt :: bind_param（）：类型定义字符串中的元素数量与绑定变量的数量不匹配...
2021-02-08 07:25

住在树上的牛顿的博客我遇到的问题是它说我尝试调用的变量数bind_param与我正在使用的“ s”数不匹配。我数了十二遍，看不到我要去哪里错了。有65个变量和65个“ s”。谁能看到我想念的东西？还是我可能以错误的方式使用bind_param方法...
mysql定义变量字符串类型,mysqli_stmt :: bind_param（）：类型定义字符串中的元素数量与绑定变量的数量不匹配...
2021-02-08 07:25

Hedge Realty的博客 So I have this massive headache inducing query that I need to perform involving 65 form inputs needing to be injected into a database using mysqli prepared statements.The issue I'm running into is tha...
mysql bind result,警告：mysqli_stmt :: bind_result（）：绑定变量的数量与准备好的语句错误中的字段数量不匹配...
2021-02-07 06:09

weixin_39671964的博客 I had a mysql query and I was converting it to mysqli(prepared statement) but I ran in to a problem which throws the below error,Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't m...
Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn‘t match numbe
2022-10-28 16:05

石大憨的博客因为在bind_param 函数必须传入参数，来绑定传入的值，可能是大家不熟悉bind_param 函数的用法。这里的字符串字母只能是上面说的四种类型。bind_param('参数的数据类型'，参数变量)，bind_param('sss',lastname,$...
Get_result() 在 php7.4 中工作，但在 php8 中出现错误“调用未定义方法 mysqli_stmt::get_result()”
2022-09-15 13:37

allway2的博客如果不满足这些条件，mysqli 的 get_result、fetch_all 之类的东西就不存在，也不会起作用。这将是切换更简单、更一致的 PDO 扩展的好时机。它没有像这样的gotya。您还希望切换到使用异常处理错误，并在建立数据库...
php bind_param,php – 在mysqli bind_param中绑定动态变量
2021-04-21 11:14

weixin_39661780的博客当我尝试下面的代码时,它会给我一个警告mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables$stmt = $mysqli->prepare('SELECT * FROM users ...
mysql_stmt含义,警告::无效的对象或资源mysqli_stmt。含义和解决方案是什么？
2021-02-07 11:45

weixin_39669202的博客 The following code is throwing the mysterious Warnings. I can't understand what they mean. What do these errors indicate and how to eradicate them?...$q = mysqli_stmt_init($dbconn);$qu...
php bind_param传入数组,mysqli bind_param用于字符串数组
2021-04-30 00:43

Hu??的博客您不能将两个变量绑定为一个question mark！对于您绑定的每个变量，您都需要一个 question mark“ bind_param”检查每个变量是否符合要求。之后，将字符串值放在引号之间。这是行不通的。"SELECT name FROM table ...
php mysql bind_PHP mysqli_stmt_bind_param() 函数用法及示例
2021-02-02 20:07

SISUERyep的博客 PHP mysqli_stmt_bind_param() 函数用法及...定义和用法mysqli_stmt_bind_param()函数用于将变量绑定到准备好的语句的参数标记。语法mysqli_stmt_bind_param($stmt,$types,$var1,$var2...);参数序号参数及说明1stm...
php mysql bind_PHP mysqli_stmt_bind_result() 函数用法及示例
2021-03-16 23:30

浊池的博客 PHP mysqli_stmt_bind_result() 函数用法及示例mysqli_stmt_bind_result()函数将变量绑定到预处理语句以存储结果定义和用法mysqli_stmt_bind_result()函数用于将结果集的列绑定到变量。绑定变量后，您需要调用mysqli...
Parameter 2 to mysqli_stmt::bind_param() expected to be a reference
2011-11-04 10:11

lx258963的博客今天在用brophp(是lamp兄弟连里的一个框架)，写程序的时候，老是报一个错误，具体情况是这样...error('数据不存在'); $c = D('news'); $id = $_GET['id']; $num = $c->total(); $page = new Page($num,1...
mysql_stmt_result_metadata使用_调用未定义的方法mysqli_stmt :: get_result
2021-03-03 23:47

学术期刊苏编辑的博客调用未定义的方法mysqli_stmt :: get_result这是我的代码：include'conn.php';$conn=newConnection();$query='SELECTEmailVerified,BlockedFROMusersWHEREEmail=?ANDSLA=?AND`Password`=?';$stmt=$conn-&gt...
PHP的mysqli_stmt_init()函数讲解
2020-10-17 11:53

在准备SQL语句后，我们用mysqli_stmt_bind_param()函数将变量$country的值与SQL语句中的占位符绑定，这里的"s"表示参数类型为字符串(string)。紧接着，用mysqli_stmt_execute()执行这个准备好的语句。执行成功后，...
运行出错：Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in
2018-12-05 09:40

SKY陈的博客 Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in D:\phpStudy\WWW\FunPic\txet\04\addBook.php on line 19Warning: mysqli_stmt_execute() expects parame...
mysql bind param_PHP Mysqli_stmt->bind_param报错的原因与解决办法
2021-01-27 12:10

weixin_39842271的博客插件需要用到数据库中的内容，于是我编写查询查询语句，使用了据说较为安全的mysqli::prepare方法。但是有一个报错困扰了我很久。报错内容为“Fatal error: Uncaught Error: Call to a member function ...
mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepare......
2020-04-08 16:16

caesarding的博客问题：语句中变量的数量与准备语句中的参数的数量不匹配 Warning: mysqli_stmt_bind_param(): Number of variables doesn’t match number of parameters in prepared statement in Warning: mysqli_fetch_array() ...
php mysql函数未定义,PHP致命错误：调用未定义函数mysqli_stmt_get_result（）
2021-04-12 15:43

银币与草绳的博客我正在使用PHP版本5.6，并在主机提供商c面板中启用了扩展mysqlind，但我不知道为什么仍然出现此错误。我进行了研究，发现每次需要启用mysqlind才能使用mysqli_stmt_get_result。任何人都可以协助/教导我在做什么错。...
mysql预处理stmt_mysqli_stmt类：使用预处理语句处理SELECT查询结果
2021-01-28 08:42

牛臂的博客 SQL语句的执行也需要使用mysqli_stmt对象中的execute()方法，但与mysqli对象中的query()方法不同，execute()方法的返回值并不是一个mysqli_result对象。mysqli_stmt对象提供了一种更为精巧的办法来处理SELECT语句...
没有解决我的问题, 去提问

mysqli_stmt :: bind_param（）：类型定义字符串中的元素数与绑定变量警告数不匹配

1条回答 默认 最新

1条回答默认最新