php mysqli插入变量查询 [英] php mysqli insert variables query
问题描述
好,这是问题所在.我正在尝试将变量插入到预定义的查询中.但是,它不起作用.如果我只是给它一个值,查询就可以工作,但是当我向其中插入变量时,查询将失败.帮助吗?
Ok so here is the question. I am trying to insert a variable into my query that is pre-defined. However it is not working. The query works if I just give it a value, but when I insert a variable into it, it fails. help?
$connection = new mysqli('localhost', 'user', 'pass', 'db');
$username = "test";
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
if ($result = $connection->query("INSERT INTO users (username, password, email, firstName, lastName, createDate) VALUES ('".$username."', 'test', 'test', 'test', 'test', 'test')")){
echo "success";
$result->close();
}
else {
echo "error";
}
$connection->close();
?>
如果我将$ username替换为任何值,它将起作用..我在这里丢失了什么吗?
If I replace $username with any value, it works.. Am I missing something here?
推荐答案
您好,适用于可能仍需要完成原始问题要求的任何人.
Hello this is for anyone who might still need accomplish what was asked in original question.
某人可能不想使用准备好的语句的原因-来自: http://www.php.net/manual/en/mysqli.quickstart.statements.php
A reason why someone possibly might want to not use prepared statements--from: http://www.php.net/manual/en/mysqli.quickstart.statements.php
"使用准备好的语句并不总是最有效的方法 执行一条语句.仅执行一次的准备好的语句会导致 客户端与服务器之间的往返次数要多于未准备的语句."
"Using a prepared statement is not always the most efficient way of executing a statement. A prepared statement executed only once causes more client-server round-trips than a non-prepared statement."
//you will want to clean variables properly before inserting into db
$username = "MyName";
$password = "hashedPasswordc5Uj$3s";
$q = "INSERT INTO `users`(`username`, `password`) VALUES ('".$username."', '".$password."')";
if (!$dbc->query($q)) {
echo "INSERT failed: (" . $dbc->errno . ") " . $dbc->error;
}
echo "Newest user id = ",$dbc->insert_id;
干杯!
这篇关于php mysqli插入变量查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!