dpd2349 2015-07-18 17:18
浏览 83
已采纳

致命错误:调用未定义的函数bind_param()

I want to retrieve student name from database using mysql LIKE, i have following form

  <form action="search.php" method="POST">
        <input type="text" name="search" id="search-input">
        <input type="submit" value="Submit" id="submit">
  </form>

And my search.php

<?php 
        require_once 'db.php';
        if (isset($_POST['search']) && !empty($_POST['search'])) {
            $search_param = trim($_POST['search']);

            $slct_search = $db->prepare("SELECT student_name FROM student_details WHERE student_name LIKE ?") or die($db->error);
            $slct_search = bind_param('s', $search_param);
            $slct_search->execute();        
            $res = $slct_search->get_result();  
            if($res->num_rows) {            
                while ($result = $res->fetch_object()) {
                    echo $result->student_name;
                }
            } else {
                echo 'OOPS we had a problem';
            }   
        }
    ?>

When I click the submit button i am receiving following error

Fatal error: Call to undefined function bind_param() in F:\xampp\htdocs\sel\search.php on line 7

  • 写回答

2条回答 默认 最新

  • duanlai1855 2015-07-18 17:44
    关注

    Have you tried:

    $slct_search->bind_param('s', $search_param);
    

    Also note that you might use trim() but it still leaves you open to SQL-injection. Try to do someting like:

    $db->real_escape_string( trim( $_POST['search'] ) );
    

    Read about some other escapeing here:

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 我想在一个软件里添加一个优惠弹窗,应该怎么写代码
  • ¥15 fluent的在模拟压强时使用希望得到一些建议
  • ¥15 STM32驱动继电器
  • ¥15 Windows server update services
  • ¥15 关于#c语言#的问题:我现在在做一个墨水屏设计,2.9英寸的小屏怎么换4.2英寸大屏
  • ¥15 模糊pid与pid仿真结果几乎一样
  • ¥15 java的GUI的运用
  • ¥15 Web.config连不上数据库
  • ¥15 我想付费需要AKM公司DSP开发资料及相关开发。
  • ¥15 怎么配置广告联盟瀑布流