警告:mysqli_stmt :: bind_param():类型定义字符串中的元素数量与绑定变量的数量不匹配11 [英] Warning: mysqli_stmt::bind_param(): Number of elements in type definition string doesn't match number of bind variables 11

问题描述

我反对SQL注入的代码无法正常工作(标题中显示错误消息).

My code against SQL injection isn't working (error message in title).

我简化了代码，但仍然无法正常工作.

I simplified my code, but its still not working.

<?php
include "conf.php";

$db = new mysqli($MYSQL_HOST, $MYSQL_USER, $MYSQL_PASS, $MYSQL_DB);

$ltime =10;
$url= 1;
$title =2;



$result = $db->prepare("INSERT INTO links VALUES ('', ?, ?, ?)");
$result->bind_param('ss', $url, $title, $ltime);
$result->execute();

我创建了数据库，所有变量都是整数，第一个值是ID，并且使用自动增量标记创建.

I created DB and all variables are integer, first value is ID and it is created with an auto Increment flag.

推荐答案

您必须在bind_param方法中放置三个"s"，因为要绑定三个变量

You have to put three "s" in the bind_param method, because there are three variables to bind

$result = $db->prepare("INSERT INTO links VALUES (NULL, ?, ?, ?)");

$result->bind_param('sss', $url, $title, $ltime);

我也最好为自动递增字段传递一个空NULL值，而不是一个空字符串

I's also better to pass a null NULL value for the autoincremented field instead of an empty string

这篇关于警告:mysqli_stmt :: bind_param():类型定义字符串中的元素数量与绑定变量的数量不匹配11的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！