開捕致命錯誤:類對象的mysqli不能在...轉換爲字符串PHP,開捕致命錯誤:類的mysqli的對象無法轉換爲字符串
這是我的index.php
<?php
session_start();
include("db.php");
?>
<html>
<head>
<title>BLog</title>
</head>
<body>
<?php
require("nbbc/nbbc.php");
$bbcode = new BBCode;
if (!$bbcode){
die($con->error);
}
$sql = "SELECT * FROM post ORDER BY id DESC";
$res = mysqli_query($db, $sql) or die (mysqli_error());
$posts = "";
if(mysqli_num_rows($res) > 0) {
while($row = mysqli_fetch_assoc($res)) {
$id = $row['id'];
$title = $row['title'];
$content = $row['content'];
$date = $row['date'];
$admin = "<div><a href='del_post.php? pid=$id'>Delete</a> <a href='edit_post.php?pid=$id'>Edit</a></div>";
$output = $bbcode -> Parse($content);
$posts = "<div><h2><a href='view_post.php?pid=$id'>$title</a></h2><h3>$date</h3><p>$output</p>$admin</div>";
}
echo $posts->fetch_object()->memTotal;
}else {
echo "There are no posts to display"."<br>";
echo "<a href='post.php'>POST!</a>";
}
?>
</body>
</html>
,這是post.php中:
<?php
session_start();
include("db.php");
if(isset($_POST['post'])){
$title = strip_tags($_POST['title']);
$content = strip_tags($_POST['content']);
$title = mysqli_real_escape_string($db, $title);
$content = mysqli_real_escape_string($db, $content);
$data = date('l jS \of F Y h:i:s A');
$sql="INSERT INTO post VALUES(null,'$title','$content','$data')";
if($title == ""|| $content == ""){
echo "Please complete your post";
return;
};
mysqli_query("$db, $sql");
header("Location: index.php");
};
?>
<html>
<head>
<title>Blog - Post</title>
</head>
<body>
<form action="post.php" method="post" enctype="multipart/form-data">
<input placeholder="Title" name="title" type="text" autofocus size="48"><br /><br />
<textarea placeholder="Content" name="content" rows="20" cols="50"></textarea><br />
<input name="post" type="submit" value="Post">
</form>
</body>
</html>
,這是db.php中:
<?php
$db=mysqli_connect("localhost","root","","test");
?>
這是給這種錯誤的「開捕致命錯誤:類對象的mysqli不能用C轉換爲字符串:\ XAMPP \ htdocs中\上線21網絡\博客\ post.php中」 有什麼問題嗎?
你調用一個字符串,而不是兩個參數的'mysqli_query'功能。此外,您應該使用準備/參數化查詢,而不是直接向查詢字符串添加變量(如$ title,$ content和$ data)。這樣你就可以確定你是安全的SQL注入黑客,你可以跳過使用strip_tags/mysqli_real_escape_string – JimL
'$ posts'是一個對象嗎? '$ posts-> fetch_object() - > memTotal;' – Chay22