警告:mysqli_stmt_bind_param()期望参数1为mysqli_stmt，是否为布尔值? [英] Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given?

问题描述

这是我第一次尝试使用mysqli prepared statement防止我的代码受到sql注入的攻击.所以请保持温柔并用简单的术语进行解释，以便我能理解.

this is the first time ever that I am trying to secure my code against sql injection using mysqli prepared statement. so please be gentle and explain things in simple terms so I can understand it.

现在我正在使用下面的代码，我认为我是对的，但是会引发这些错误，我根本不理解.

Now I am using the following code which I thought i was right but it throws these errors and I do not understand that at all.

以下是错误:

Warning: mysqli_stmt_bind_param() expects parameter 1 to be mysqli_stmt, boolean given in on line 92

Warning: mysqli_stmt_execute() expects parameter 1 to be mysqli_stmt, boolean given in on line 93

Warning: mysqli_stmt_close() expects parameter 1 to be mysqli_stmt, boolean given in  on line 96

以下是代码:

$stmt = mysqli_prepare(
    $db_conx,
    "INSERT $storenameTable (firstname, lastname, username, address_1, address_2, postcode,  country, county, city, email, password, storeShop, signupdate) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
);
//after validation, of course
mysqli_stmt_bind_param($stmt, "issi", $firstname, $lastname, $username, $address_1, $address_2, $postcode, $country, $county, $city, $email, $hashedPass, $storenameTable);
mysqli_stmt_execute($stmt);     <//<<<<<<<< line 92
if (mysqli_affected_rows($db_conx))     <//<<<<<<<< line 93
{
    mysqli_stmt_close($stmt);  <//<<<<<<<< line 96
    //update was successful
    $id = mysqli_insert_id($db_conx);
}

感谢您的帮助.

推荐答案

似乎您缺少一个参数，应该有13个参数，而13个?在输入密码后检查这两个参数. (我拿出signupdate)尝试以下操作:

It seems that you have a missing parameter, you should have 13 parameters and 13 ? check the two parameters after password. (I took out signupdate) try the below :

$stmt = mysqli_prepare(
    $db_conx,
    "INSERT INTO $storenameTable (firstname, lastname, username, address_1, address_2, postcode,  country, county, city, email, password, storeShop) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
);
//after validation, of course
mysqli_stmt_bind_param($stmt, "issi", $firstname, $lastname, $username, $address_1, $address_2, $postcode, $country, $county, $city, $email, $hashedPass, $storenameTable);
mysqli_stmt_execute($stmt);     <//<<<<<<<< line 92
if (mysqli_affected_rows($db_conx))     <//<<<<<<<< line 93
{
    mysqli_stmt_close($stmt);  <//<<<<<<<< line 96
    //update was successful
    $id = mysqli_insert_id($db_conx);
}

您还可以使用var_dump(mysqli_error($db_conx));

这篇关于警告:mysqli_stmt_bind_param()期望参数1为mysqli_stmt，是否为布尔值?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！