mysqli_stmt :: bind_param():类型定义字符串中的元素数量与绑定变量的数量不匹配 [英] mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables

问题描述

因此，我需要执行大量令人头痛的查询，涉及到需要使用mysqli准备的语句将 65 表单输入注入数据库.

我遇到的问题是它说我试图调用bind_param的变量数量与我正在使用的"s"数量不匹配. 我数了数次，但看不到我要去哪里错了.有65个变量和65个"s".

谁能看到我想念的东西?还是我可能以错误的方式使用bind_param方法?

// Preparing our query statement via mysqli which will auto-escape all bad characters to prevent injection
$query3 = 'INSERT INTO datashep_AMS.COMPLETE_APPLICATIONS (
    project_name,
    status,
    funding_requested,
    project_title,
    program,
    county,
    parish,
    name_of_watercourse,
    which_is_a_tributary_of,
    name_of_applicant,
    contact_person_or_project_supervisor,
    relationship_to_organization,
    business_phone,
    home_phone,
    email,
    signature_of_thesis_or_study_supervisor,
    mailing_address,
    postal_code,
    website,
    mailing_address_for_payment,
    hst_registration_no,
    total_cost_dollar,
    total_cost_percent,
    dollar_amount_requested_from_nbwtf,
    percent_amount_requested_from_nbwtf,
    descriptive_summary,
    background_of_organization,
    mandate,
    years_in_existence,
    membership,
    accomplishments,
    previous_project_name,
    previous_project_number,
    previous_project_amount_received_from_nbwtf,
    summary_of_activities,
    summary_of_Results,
    project_title_2,
    reason_and_or_purpose,
    objectives,
    project_description,
    methods,
    equipment_and_materials_required,
    personnel_required,
    proposed_start_date,
    proposed_end_date,
    type_of_data_to_be_stored,
    where_will_it_be_housed,
    monitoring,
    short_term_achievement,
    long_term_achievement,
    previous_studies,
    required_permits,
    consultants,
    short_term_commitment,
    long_term_commitment,
    project_duration,
    project_evaluation,
    promotion_of_project,
    promotion_of_client,
    publication_of_results,
    community_benefits,
    effects_on_traditional_uses,
    possible_changes_in_public_access_to_areas,
    possible_impact_on_wildlife_and_or_environment,
    likelihood_of_future_requests_for_funding,
    list_all_other_funding_sources_for_this_project
) VALUES (
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?
)';

// "Preparing" the query using mysqli->prepare(query) -- which is the equivalent of mysql_real_escape_string -- in other words, it's the SAFE database injection method
$stmt = $dbConnection->prepare($query3);

// "Bind_param" == replace all the "?"'s in the aforementioned query with the variables below

$stmt->bind_param("s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s", $project_name, $status, $funding_requested, $project_title, $program, $county, $parish, $name_of_watercourse, $which_is_a_tributary_of, $name_of_applicant, $contact_person_or_project_supervisor, $relationship_to_organization, $business_phone, $home_phone, $email, $signature_of_thesis_or_study_supervisor, $mailing_address, $postal_code, $website, $mailing_address_for_payment, $hst_registration_no, $total_cost_dollar, $total_cost_percent, $dollar_amount_requested_from_nbwtf, $percent_amount_requested_from_nbwtf, $descriptive_summary, $background_of_organization, $mandate, $years_in_existence, $membership, $accomplishments, $previous_project_name, $previous_project_number, $previous_project_amount_received_from_nbwtf, $summary_of_activities, $summary_of_Results, $project_title_2, $reason_and_or_purpose, $objectives, $project_description, $methods, $equipment_and_materials_required, $personnel_required, $proposed_start_date, $proposed_end_date, $type_of_data_to_be_stored, $where_will_it_be_housed, $monitoring, $short_term_commitment, $long_term_achievement, $previous_studies, $required_permits, $consultants, $short_term_commitment, $long_term_commitment, $project_duration, $project_evaluation, $promotion_of_project, $promotion_of_client, $publication_of_results, $community_benefits, $effects_on_traditional_uses, $possible_changes_in_public_access_to_areas, $possible_impact_on_wildlife_and_or_environment, $likelihood_of_future_requests_for_funding, $list_all_other_funding_sources_for_this_project);

// Perform the actual query!
$stmt->execute();

解决方案

字符串中的字符不应用逗号分隔:

$stmt->bind_param("sss...", /* variables */);

您可以在手册页上的示例中看到这种格式的演示. /p>

So I have this massive headache inducing query that I need to perform involving 65 form inputs needing to be injected into a database using mysqli prepared statements.

The issue I'm running into is that it says the # of variables I am attempting to call bind_param on does not match the # of "s"'s that I am using. I counted a dozen times and do not see where I am going wrong here. There are 65 variables, and 65 "s"'s.

Can anyone see something I'm missing? Or am I perhaps using the bind_param method in an incorrect manner?

// Preparing our query statement via mysqli which will auto-escape all bad characters to prevent injection
$query3 = 'INSERT INTO datashep_AMS.COMPLETE_APPLICATIONS (
    project_name,
    status,
    funding_requested,
    project_title,
    program,
    county,
    parish,
    name_of_watercourse,
    which_is_a_tributary_of,
    name_of_applicant,
    contact_person_or_project_supervisor,
    relationship_to_organization,
    business_phone,
    home_phone,
    email,
    signature_of_thesis_or_study_supervisor,
    mailing_address,
    postal_code,
    website,
    mailing_address_for_payment,
    hst_registration_no,
    total_cost_dollar,
    total_cost_percent,
    dollar_amount_requested_from_nbwtf,
    percent_amount_requested_from_nbwtf,
    descriptive_summary,
    background_of_organization,
    mandate,
    years_in_existence,
    membership,
    accomplishments,
    previous_project_name,
    previous_project_number,
    previous_project_amount_received_from_nbwtf,
    summary_of_activities,
    summary_of_Results,
    project_title_2,
    reason_and_or_purpose,
    objectives,
    project_description,
    methods,
    equipment_and_materials_required,
    personnel_required,
    proposed_start_date,
    proposed_end_date,
    type_of_data_to_be_stored,
    where_will_it_be_housed,
    monitoring,
    short_term_achievement,
    long_term_achievement,
    previous_studies,
    required_permits,
    consultants,
    short_term_commitment,
    long_term_commitment,
    project_duration,
    project_evaluation,
    promotion_of_project,
    promotion_of_client,
    publication_of_results,
    community_benefits,
    effects_on_traditional_uses,
    possible_changes_in_public_access_to_areas,
    possible_impact_on_wildlife_and_or_environment,
    likelihood_of_future_requests_for_funding,
    list_all_other_funding_sources_for_this_project
) VALUES (
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?
)';

// "Preparing" the query using mysqli->prepare(query) -- which is the equivalent of mysql_real_escape_string -- in other words, it's the SAFE database injection method
$stmt = $dbConnection->prepare($query3);

// "Bind_param" == replace all the "?"'s in the aforementioned query with the variables below

$stmt->bind_param("s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s,s", $project_name, $status, $funding_requested, $project_title, $program, $county, $parish, $name_of_watercourse, $which_is_a_tributary_of, $name_of_applicant, $contact_person_or_project_supervisor, $relationship_to_organization, $business_phone, $home_phone, $email, $signature_of_thesis_or_study_supervisor, $mailing_address, $postal_code, $website, $mailing_address_for_payment, $hst_registration_no, $total_cost_dollar, $total_cost_percent, $dollar_amount_requested_from_nbwtf, $percent_amount_requested_from_nbwtf, $descriptive_summary, $background_of_organization, $mandate, $years_in_existence, $membership, $accomplishments, $previous_project_name, $previous_project_number, $previous_project_amount_received_from_nbwtf, $summary_of_activities, $summary_of_Results, $project_title_2, $reason_and_or_purpose, $objectives, $project_description, $methods, $equipment_and_materials_required, $personnel_required, $proposed_start_date, $proposed_end_date, $type_of_data_to_be_stored, $where_will_it_be_housed, $monitoring, $short_term_commitment, $long_term_achievement, $previous_studies, $required_permits, $consultants, $short_term_commitment, $long_term_commitment, $project_duration, $project_evaluation, $promotion_of_project, $promotion_of_client, $publication_of_results, $community_benefits, $effects_on_traditional_uses, $possible_changes_in_public_access_to_areas, $possible_impact_on_wildlife_and_or_environment, $likelihood_of_future_requests_for_funding, $list_all_other_funding_sources_for_this_project);

// Perform the actual query!
$stmt->execute();

解决方案

The characters in the string should not be separated by commas:

$stmt->bind_param("sss...", /* variables */);

You can see this format demonstrated in the examples on the manual page.

这篇关于mysqli_stmt :: bind_param():类型定义字符串中的元素数量与绑定变量的数量不匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！