Con*_*nel 1 php prepared-statement bindvalue
我是PHP的新手,我正在努力获得准备好的声明.这是我在大学的最后一年项目,我记得读过准备好的陈述是很好的做法,也适合SQL注入.但是,以下代码给出了Server 500错误.
<?php
$email = "blah@blah.co.uk";
$hash = "somerandomhashedpassword";
$db = new mysqli("localhost", "root", "1234", "UEAnetwork");
$sql = "INSERT INTO Students (Email, Password) VALUES (?,?)";
$stmt = $db->prepare($sql);
$stmt->bindValue(1, $email);
$stmt->bindValue(2, $hash);
if ($stmt->execute()) {
echo "You have registered!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
}
?>
如果我运行以下内容然后插入一行,所以我很确定我正确连接到数据库.
<?php
$db = new mysqli("localhost", "root", "1234", "UEAnetwork");
$sql = "INSERT INTO Students (Email, Password) VALUES ('blah@blah.co.uk','somerandomhashedpassword')";
$stmt = $db->prepare($sql);
if ($stmt->execute()) {
echo "You have registered!!!!!!!!!!!!!!!!!!!!!!!!!!!!";
}
?>
我使用bindValue不正确吗?我已经看到它在网上的许多教程中使用这种方式,但我一定做错了.
mysqli有一个非常不同的API PDO.没有mysql_stmt::bindValue.你想使用mysql_stmt::bind_param,但语法是完全不同的:
$stmt->bind_param('ss', $email, $hash);