How to bind multiple parameters to a MySQLi prepared statement

Aub*_*bin 1 php mysqli

I have a variable number of parameters to insert. I get the error (2031) No data supplied for parameters in prepared statement after the warning Number of variables doesn't match number of parameters in prepared statement in SaveIntermediateData.php5 on line 49

$link = new mysqli( DB_HOST, DB_USER, DB_PASSWORD, DB_NAME );
if( ! $link ) {
    echo "<h1>new mysqli() failed!</h1>";
    exit( 0 );
}
$queryText =
    "CREATE TABLE IF NOT EXISTS visitors (".
        "id    VARCHAR( 512) CHARACTER SET ASCII NOT NULL,".
        "name  VARCHAR(  80) CHARACTER SET ASCII NOT NULL,".
        "value VARCHAR(4096) NOT NULL,".
        "PRIMARY KEY ( `id`, `name` )".
    ")";
$link->query( $queryText );
$queryText = "INSERT INTO visitors (id,name,value) VALUES ";
foreach( $_POST as $name => $value ) {
    $queryText .= '(?,?,?),';
}
$queryText  = substr( $queryText, 0, -1 );
$queryText .= ' ON DUPLICATE KEY UPDATE name = VALUES( name ), value = VALUES( value )';
$id         = session_id();
$stmt       = $link->prepare( $queryText );
if( $stmt ) {
    $param_nr = 1;
    foreach( $_POST as $name => $value ) {
        $stmt->bind_param( 'sss', $id, $name, $value ); //<<<<<<<<< line 49
    }
    if( $stmt->execute()) {
        echo '<h1>OK</h1>';
    }
    else {
        echo "<h1>(".$stmt->errno.") ".$stmt->error."</h1>";
    }
}
else {
    echo "<h1>".$link->error."</h1>";
}
$link->close();

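I believe bind_param only takes the last one into account. In Java, parameters can be bound by index, but I don't know of such a method in mysqli. I could build the full query text, but I prefer to use binding to avoid injection.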

Roc*_*mat 5

You can only call bind_param once, so you have to add all the parameters you need to an array and then call it via call_user_func_array.

Try this:

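$params = array('');   // $params[0] collects the type string
foreach( $_POST as $name => $value ) {
    $params[0] .= 'sss';
    array_push($params, $id, $name, $value);
}

// bind_param() takes its arguments by reference, so pass references to the array elements
$refs = array();
foreach( $params as $key => $unused ) {
    $refs[$key] = &$params[$key];
}
call_user_func_array(array($stmt, 'bind_param'), $refs);

if( $stmt->execute()) {
    echo '<h1>OK</h1>';
}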
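The single-bind approach from the answer, written as an added example (not code from the question or the answer) that also handles an empty form and nested input before the statement is built. The helper names `build_visitor_upsert` and `save_visitor_fields` are hypothetical, the sample input is constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Hypothetical helpers for the question's visitors table (added example).
function build_visitor_upsert(string $id, array $fields): ?array
{
    $values = [];
    foreach ($fields as $name => $value) {
        // Nested input such as field[]=x arrives as an array; skip it
        // rather than binding the literal string "Array".
        if (!is_scalar($value)) {
            continue;
        }
        $name  = (string) $name;
        $value = (string) $value;
        // Column limits taken from the CREATE TABLE in the question.
        if ($name === '' || strlen($name) > 80 || strlen($value) > 4096) {
            continue;
        }
        array_push($values, $id, $name, $value);
    }
    if ($values === []) {
        return null; // "VALUES" followed by no tuples is not valid SQL
    }
    $sql = 'INSERT INTO visitors (id,name,value) VALUES '
         . implode(',', array_fill(0, count($values) / 3, '(?,?,?)'))
         . ' ON DUPLICATE KEY UPDATE name = VALUES( name ), value = VALUES( value )';
    return [$sql, str_repeat('s', count($values)), $values];
}

function save_visitor_fields(mysqli $link, string $id, array $fields): bool
{
    $built = build_visitor_upsert($id, $fields);
    if ($built === null) {
        return true; // nothing to store
    }
    [$sql, $types, $values] = $built;
    $stmt = $link->prepare($sql);
    if (!$stmt) {
        return false;
    }
    // One bind_param() call covers every placeholder (argument unpacking).
    $stmt->bind_param($types, ...$values);
    return $stmt->execute();
}

// Constructed sample input standing in for $_POST; 'tags' is skipped.
$sample = ['colour' => 'blue', 'tags' => ['a', 'b'], 'note' => "O'Brien"];
[$sql, $types, $values] = build_visitor_upsert('constructed-session-id', $sample);
echo $sql, "\n", $types, "\n", json_encode($values), "\n";
```

Only the fixed `(?,?,?)` tuples are concatenated into the SQL text; every field name and value, including the one containing a quote, travels as a bound parameter.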