使用bindValue的准备好的语句不起作用 [英] prepared statement using bindValue not working
问题描述
我是PHP的新手,我正在尝试准备一个准备好的语句.它是我在大学的最后一年的项目,我记得读过,准备好的语句是很好的实践,也适合SQL注入.但是,以下代码给了我Server 500错误.
I'm new to PHP and I'm trying to get a prepared statement to work. Its for my final year project at university and I remember reading that prepared statements are good practice and also good for SQL injections. However the following code gives me a Server 500 error.
<?php
$email = "blah@blah.co.uk";
$hash = "somerandomhashedpassword";
$db = new mysqli("localhost", "root", "1234", "UEAnetwork");
$sql = "INSERT INTO Students (Email, Password) VALUES (?,?)";
$stmt = $db->prepare($sql);
$stmt->bindValue(1, $email);
$stmt->bindValue(2, $hash);
if ($stmt->execute()) {
echo "You have registered!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
}
?>
如果运行以下命令,则会插入一行,因此,我很确定自己已正确连接到数据库.
If I run the following then a row is inserted, so I'm pretty sure I'm connecting to the database properly.
<?php
$db = new mysqli("localhost", "root", "1234", "UEAnetwork");
$sql = "INSERT INTO Students (Email, Password) VALUES ('blah@blah.co.uk','somerandomhashedpassword')";
$stmt = $db->prepare($sql);
if ($stmt->execute()) {
echo "You have registered!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
}
?>
我错误地使用了bindValue
吗?我已经在许多在线教程中看到它是通过这种方式使用的,但是我一定做错了事.
Am I using bindValue
incorrectly? I've seen it used this way in many tutorials online but I must be doing something wrong.
推荐答案
mysqli
具有与PDO
完全不同的API.没有mysql_stmt::bindValue
.您想使用mysql_stmt::bind_param
,但是语法却大不相同:
mysqli
has a very different API than PDO
. There is no mysql_stmt::bindValue
. You want to use mysql_stmt::bind_param
, but the syntax is quite different:
$stmt->bind_param('ss', $email, $hash);
这篇关于使用bindValue的准备好的语句不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!