It gave me this warning:
Warning: mysqli_query() expects parameter 1 to be mysqli, object given in /Applications/MAMP/htdocs/dashboard/pages/index.php on line 45
Warning: mysqli_error() expects parameter 1 to be mysqli, object given in /Applications/MAMP/htdocs/dashboard/pages/index.php on line 50
I am trying to insert items into a table called products. But somehow this error won't go away.
Can you tell me what I did wrong? Thanks a lot.
This is dbconfig.php
<?php
$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "products";
try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e)
{
    echo "Connection failed: " . $e->getMessage();
}
?>
This is the PHP code
<?php
require_once('dbconfig.php');
$upload_dir = 'uploads/';
if(isset($_POST['submit'])){
    $product_picture = $_FILES['product_picture']['name'];
    $imgTmp = $_FILES['product_picture']['tmp_name'];
    $imgSize = $_FILES['product_picture']['size'];
    $product_name = $_POST['product_name'];
    $product_number = $_POST['product_number'];
    $product_quantity = $_POST['product_quantity'];
    $product_price = $_POST['product_price'];
    $product_description = $_POST['product_description'];
    if(empty($product_name)){
        $errorMsg = 'Please input product name';
    }elseif(empty($product_number)){
        $errorMsg = 'Please input product number';
    }elseif(empty($product_quantity)){
        $errorMsg = 'Please input product quantity';
    }elseif(empty($product_price)){
        $errorMsg = 'Please input product price';
    }elseif(empty($product_description)){
        $errorMsg = 'Please input product description';
    }else{
        $imgExt = strtolower(pathinfo($product_picture, PATHINFO_EXTENSION));
        $allowExt = array('jpeg', 'jpg', 'png', 'gif');
        $productPic = time().'_'.rand(1000,9999).'.'.$imgExt;
        if(in_array($imgExt, $allowExt)){
            if($imgSize < 5000000){
                move_uploaded_file($imgTmp,$upload_dir.$productPic);
            }else{
                $errorMsg = 'Image too large';
            }
        }else{
            $errorMsg = 'Please select a valid image';
        }
    }
    if(!isset($errorMsg)){
        $sql = "insert into products(product_picture, product_name, product_number, product_quantity, product_price, product_description)
        values('".$productPic."', '".$product_name."', '".$product_number."', '".$product_quantity."', '".$product_price."', '".$product_description."')";
        $result = mysqli_query($conn, $sql);
        if($result){
            $successMsg = 'New record added successfully';
            header('refresh:5;index.php');
        }else{
            $errorMsg = 'Error'.mysqli_error($conn);
        }
    }
}
?>
This is the form part
<form class="inputarea text-center" method="post" action="" enctype="multipart/form-data">
    <p id="addProduct" class="addTitle">Add new product</p>
    <input id="pName" class="inputs" type="text" placeholder="Name" name="product_name" >
    <input id="choose" type="file" name="product_picture" />
    <input id="pNumber" class="inputs" type="number" placeholder="Product No." name="product_number" >
    <input id="pQuantity" class="inputs" type="text" placeholder="Quantity" name="product_quantity" >
    <input id="pPrice" class="inputs" type="text" placeholder="Price" name="product_price" >
    <textarea id="pDescription" class="inputs" placeholder="Description" name="product_description"></textarea>
    <button id="confirmBut" type="submit" name="submit" class="btn btn-primary btn-lg center-block">Confirm</button>
</form>
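**WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this, because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query; it can be very harmful if someone seeks to exploit your mistake. – tadman
You're also slowly implementing your own ORM, so before you go all in on this approach, take some time to look at off-the-shelf solutions like [Doctrine](http://www.doctrine-project.org/), [Propel](http://propelorm.org/) or [Eloquent](https://laravel.com/docs/5.3/eloquent), which do all of this with far less fuss. – tadman
You list the database connection file in the question as config.php, but the name of the required file is dbconfig.php. Is that just a mistake in the question? – tjfo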
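Added example (not part of the original question or its comments): the warnings appear because dbconfig.php builds a PDO object while index.php hands it to mysqli_query() and mysqli_error(). One way to do the insert with the PDO handle and bound parameters, applying the parameterized-query advice from tadman's comment to PDO; `insertProduct()`, the sample values and the in-memory SQLite database (used so the script runs without a MySQL server) are assumptions.

```php
<?php
// Added example: insert a product through a PDO handle with bound parameters.
// Assumption: in-memory SQLite stands in for the MAMP MySQL server so this
// runs offline; with dbconfig.php, pass its $conn to insertProduct() instead.
function insertProduct(PDO $conn, array $p): int
{
    $stmt = $conn->prepare(
        'INSERT INTO products (product_picture, product_name, product_number,
                               product_quantity, product_price, product_description)
         VALUES (:picture, :name, :number, :quantity, :price, :description)'
    );
    // Values travel separately from the SQL text, so quotes in user input
    // cannot change the structure of the statement.
    $stmt->execute([
        ':picture'     => $p['picture'],
        ':name'        => $p['name'],
        ':number'      => $p['number'],
        ':quantity'    => $p['quantity'],
        ':price'       => $p['price'],
        ':description' => $p['description'],
    ]);
    return (int) $conn->lastInsertId();
}

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE products (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    product_picture TEXT, product_name TEXT, product_number INTEGER,
    product_quantity INTEGER, product_price REAL, product_description TEXT)');

// Constructed sample input standing in for $_POST and the stored file name.
$sample = [
    'picture' => '1700000000_1234.png', 'name' => "Baker's scale",
    'number' => 42, 'quantity' => 3, 'price' => '19.90',
    'description' => "Reads in 1 g steps; it's accurate to 'kitchen' standards.",
];

try {
    $id = insertProduct($conn, $sample);
    $check = $conn->prepare('SELECT product_name FROM products WHERE id = ?');
    $check->execute([$id]);
    echo "Inserted row $id: " . $check->fetchColumn() . "\n";
} catch (PDOException $e) {
    // With ERRMODE_EXCEPTION a failed query throws; there is no mysqli_error() to call.
    echo 'Insert failed: ' . $e->getMessage() . "\n";
}
```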