duanjiao6730 2015-11-30 02:39
浏览 54
已采纳

PHP mysqli编写语句INSERT错误

I am currently trying to set up a prepared statement to allow users to sign up for my web page. My POST information passes correctly to my submit page from my form, and I am able to successfully insert ?'s upon submission if I remove the prepared statement, but I get an error with this current code.

<?php 

if(isset($_POST['submit'])){

$uid = 'NULL';   
$fn = $_POST['fn'];
$ln = $_POST['ln'];
$u = $_POST['u'];
$p = $_POST['p'];
$dob = $_POST['dob'];
$sx = $_POST['sx'];
$pn = $_POST['pn'];
$a = $_POST['a'];
$up = $_POST['CURRENT_TIMESTAMP'];
$c = $_POST['cn'];
$s = $_POST['s'];
$z = $_POST['z'];

require_once('../mysqli_connect.php');

$query = "INSERT INTO u (userid, fn, ln, username, p, dob, sx, pn, em, a, up) 
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

$stmt = mysqli_prepare($mysqli, $query);
if($stmt){
$stmt->bind_param('isssssssssi', $uid, $fn, $ln, $u, $p, $dob, $sx, $pn, $em, $a, $up);

$stmt->execute();

$stmt->close();

}

if (mysqli_query($mysqli, $query)) {
  $userid = mysqli_insert_id($mysqli);
  echo "Your user ID is ". $userid;
} else {
echo "Error: " . $query . "<br>" . mysqli_error($mysqli);
}
// display error if occurs
var_dump($mysqli);

mysqli_close($mysqli);

?>

Here is the error code that I receive:

Error: INSERT INTO u (userid, fn, ln, username, p, dob, sx, pn, em, a, up) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)' at line 1

I have tried changing versions of php, I am currently running 5.3, but when I switch to anything beyond I get an error for mysqli class. I have tried back ticking and quoting the ?'s but that does not seem to work either. I am hoping someone can expand upon what is already available regarding prepared statement, because I have searched high and low and have been unable to find what my problem stems from. So, I guess my question is, how do I correctly pass my variables via a prepared statement, and what syntax do I need to use near the ? placeholders?

Updated code:

if(isset($_POST['submit'])){

$uid = 'NULL';  
$fn = $_POST['fn'];
$ln = $_POST['ln'];
$u = $_POST['u'];
$p = $_POST['p'];
$dob = $_POST['dob'];
$sx = $_POST['sx'];
$pn = $_POST['pn'];
$em = $_POST['em'];
$a = $_POST['a'];
$c = $_POST['cn'];
$s = $_POST['s'];
$z = $_POST['z'];


require_once('../mysqli_connect_aimU.php');

$query = "INSERT INTO u (userid, fn, ln, username, p, dob, sx, pn, em, a) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
if (!$stmt = mysqli_prepare($mysqli, $query)) {
echo "Error: ".$stmt->error;
exit();
}
if(!$stmt->bind_param('isssssssss', $uid, $fn, $ln, $u, $p, $dob, $sx, $pn, $em, $a)){
echo "Error: ".$stmt->error;
}
if($stmt->execute()){
$userid = $stmt->insert_id;
echo "Your user ID is ".$userid;
} else {
echo "Error: ".$stmt->error;
}

$cityid= "SELECT id FROM c WHERE cn = '$c' LIMIT 1";
$result = mysqli_fetch_array($cityid);
if ($result != true) {
$query = "INSERT INTO c (cn) VALUES (?)";
if(!$stmt->bind_param('s', $cn)) {
echo "insert error dawg".$stmt->error;
}
if(!$stmt->execute()){
$cityid = $stmt->insert_id;
echo "Your city ID is".$cityid;
} else {
$query = "INSERT INTO ucl (cid, uid) VALUES (?, ?)";
if(!$stmt = mysqli_prepare($mysqli, $query)) {
echo "Error: ".$stmt->error;
exit();
}
if(!$stmt->bind_param('ss', $cityid, $userid)){
echo "Error: ".$stmt->error;
}
if (!$stmt->execute()){
echo "Error: ".$stmt->error;
}
} 
}
  • 写回答

1条回答 默认 最新

  • dongshang1934 2015-11-30 02:55
    关注

    You have used prepared statements so you don't then need to also use mysqli_query(). You can/should error check at each step to help identify any problems.

    $query = "INSERT INTO u (userid, fn, ln, username, p, dob, sx, pn, em, a, up) 
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
    if (!$stmt = mysqli_prepare($mysqli, $query))
    {
        echo "Error: ".$stmt->error;
        exit();
    }
    if (!$stmt->bind_param('isssssssssi', $uid, $fn, $ln, $u, $p, $dob, $sx, $pn, $em, $a, $up))
    {
        echo "Error: ".$stmt->error;
        exit();
    }
    if ($stmt->execute()) {
        $userid = $stmt->insert_id;
        echo "Your user ID is ". $userid;
    } else {
        echo "Error: ".$stmt->error;
    }
    $stmt->close();
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 写segy数据时出错3
  • ¥100 linux下qt运行QCefView demo报错
  • ¥50 F1C100S下的红外解码IR_RX驱动问题
  • ¥15 用Matlab实现图中的光线追迹
  • ¥15 联想笔记本开机出现系统更新界面
  • ¥15 各位帮帮我 我不想重做系统
  • ¥30 微信小程序蓝牙数据透传
  • ¥15 加氢站氢负荷数据集来源
  • ¥15 umi接入sentry遇到问题
  • ¥15 HBuilderX打包H5网页,扫码模块无法使用