2012-03-09 16:55
浏览 73


On form submit, I'm getting a blank page (insert.php) with no error and no success message.

This is the form:

<form action="insert.php" method="post">
Firstname: <input type="text" name="first_name" id="first_name" />
Lastname: <input type="text" name="lastname" />
Age: <input type="text" name="age" />
<input type="submit" />

This is the script:

mysql_select_db("my_db", $con);

$stmt = $db->prepare('INSERT INTO my_table (first_name) VALUES (:first_name)');

$stmt->execute(':first_name', $first_name);

if (!mysql_query($stmt,$con))
  die('Error: ' . mysql_error());
echo "1 record added";


图片转代码服务由CSDN问答提供 功能建议



 &lt; form action =“insert.php”method =“post”&gt; 
第一名:  &lt; input type =“text”name =“first_name”id =“first_name”/&gt; 
姓名:&lt; input type =“text”name =“lastname”/&gt; 
Age:&lt; input type =“text  “name =”age“/&gt; 
&lt; input type =”submit“/&gt; 
&lt; / form&gt; 

这是脚本:\ n

  mysql_select_db(“my_db”,$ con); 
 $ stmt = $ db-&gt; prepare('INSERT INTO my_table(first_name)VALUES(  :first_name)'); 
 $ stmt-&gt; execute(':first_name',$ first_name); 
if(!mysql_query($ stmt,$ con))
 die(  '错误:'。mysql_error()); 
mysql_close($ con)
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

2条回答 默认 最新

  • duankuangxie9070
    duankuangxie9070 2012-03-09 16:58

    You need to create a PDO object to be able to use prepared statements. Instead you have opened a connection with mysql_connect(). The two do not mix, and PDO is preferred between them as it is more easily secured through the use of prepared statements (among other reasons).

    From the PDO docs:

    // This establishes your connection using PDO.
    // The PDO connection object is $db
    /* Connect to an ODBC database using driver invocation */
    $dsn = 'mysql:dbname=testdb;host=';
    $user = 'dbuser';
    $password = 'dbpass';
    try {
        $db = new PDO($dsn, $user, $password);
    } catch (PDOException $e) {
        echo 'Connection failed: ' . $e->getMessage();

    Pass an associative array to execute(), rather than a list of arguments representing your placeholders. The

    // Now that the PDO object is successfully created, prepare your statement
    $stmt = $db->prepare('INSERT INTO my_table (first_name) VALUES (:first_name)');
    // Arg to execute() should be an associative array
    $stmt->execute(array(':first_name' => $first_name));

    The following call to mysql_query() is unnecessary, as you have already executed the prepared statement with PDO.

    // Don't do this
    // mysql_select_db("my_db", $con);
    // Or this...
    //if (!mysql_query($stmt,$con))
    //  die('Error: ' . mysql_error());
    // Or this...
    // mysql_close($con)
    点赞 评论
  • du127953
    du127953 2012-03-09 16:59

    Youre trying to use 2 different MySQL interfaces at the same time. The mysql_* family of functions use the ext/mysql extension... The prepared statement stuff is PDO. You need to choose one or the other. Since PDO is really the way to go ill give you an example with that:

    $db = new PDO($dsn, $user, $password);
    try {
       $stmt = $db->prepare('INSERT INTO my_table (first_name) VALUES (:first_name)');
       if($stmt->execute(array(':first_name' => $first_name))) {
          echo "1 record added";
    } catch (PDOException $e) {
      die('Error: ' . $e->getMessage());

    The docs on the Mysql DSN (the first argument to the PDO constructor) can be found here.

    点赞 评论