1. 首頁
  2. 問答
  3. PHP bind_param數不匹配的參數

PHP bind_param數不匹配的參數

2016-01-06 75 views
-5

mysqli_stmt::bind_param():的變量數不匹配的在準備好的聲明中的參數個數)PHP bind_param數不匹配的參數

我做了一個用戶類來處理註冊登錄和配置文件更新這一切都有效。但是,當用戶更新他們的配置文件時,我會收到上述錯誤。讓我們一步一步來。

首先,我有如下形式

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data"> 
    <div class="form-row"> 
     <label for="firstName">First Name:</label> 
     <input type="text" name="firstName" id="firstName" value="<?php echo $_SESSION['firstName']; ?>"> 
    </div> 
    <div class="form-row"> 
     <label for="lastName">Last Name:</label> 
     <input type="text" name="lastName" id="lastName" value="<?php echo $_SESSION['lastName']; ?>"> 
    </div> 
    <div class="form-row"> 
     <label for="username">Username:</label> 
     <input type="text" name="username" id="username" value="<?php echo $_SESSION['username']; ?>"> 
    </div> 
    <div class="form-row"> 
     <label for="email">Email:</label> 
     <input type="email" name="email" id="email" value="<?php echo $_SESSION['email']; ?>"> 
    </div> 
    <div class="form-row"> 
     <label for="profileImage">Profile Image:</label> 
     <input type="file" name="file" id="file"> 
    </div> 
    <div class="form-row"> 
     <label for="bio">Bio:</label> 
     <textarea type="text" name="bio" id="bio"></textarea> 
    </div> 
    <div class="form-row"> 
     <input type="submit" name="update" value="Submit Updates" class="btn black pull-left"> 
    </div> 
</form>

然後我有一個處理事情的文件上傳部分上傳類。這工作正常,並在我的用戶類中使用。

class Upload 
{ 
    public function uploadImages() 
    { 
     if (isset($_POST['update'])) { 
      if (isset($_FILES['file'])) { 
       $fileName = $_FILES['file']['name']; 
       $fileName = mt_rand(100000, 999999) . $fileName; 
       $fileName = preg_replace('#[^a-z0-9.]#i', '', $fileName); 
       $fileTmp = $_FILES['file']['tmp_name']; 
       $fileType = $_FILES['file']['type']; 
       $fileSize = $_FILES['file']['size']; 
       $fileError = $_FILES['file']['error']; 
       $extensions = array('jpg', 'jpeg', 'png', 'tif', 'tiff', 'gif', ''); 
       $tmp = explode('.', $fileName); 
       $fileExtension = strtolower(end($tmp)); 

       // if (!$fileTmp) { 
       //  die('No File Selected, Please try again - <a href="user-profile-edit.php">Try Again?</a>'); 
       // } 
       if ($fileSize > 2097152) { 
        die('Error, File too big - <a href="user-profile-edit.php">Try Again?</a>'); 
       } 
       if (in_array($fileExtension,$extensions) === false and $fileError === 4) { 
        move_uploaded_file($fileTmp, CURRENTROOT . '../img/upload/profiles/'.$fileName); 
        $GLOBALS['fileName'] = $fileName; 
       } elseif (in_array($fileExtension,$extensions) === false) { 
        die('Acceptable file types are jpg, png, tif, and gif - <a href="user-profile-edit.php">Try Again?</a>'); 
       } else { 
        move_uploaded_file($fileTmp, CURRENTROOT . '../img/upload/profiles/'.$fileName); 
        $GLOBALS['fileName'] = $fileName; 
       } 
      } 
     } 
    } 
}

這是處理註冊,登錄和配置文件更新的用戶類。這也是有效的。它盡其所能做的一切,但它確實返回上述箭頭。我將會拋棄其他課程,只是展示相關的方法。

public function userProfileEdit() 
{ 
    $upload = new Upload(); 
    $upload->uploadImages(); 

    $userID = $_SESSION['userID']; 
    $result = $this->con->db->query('SELECT * FROM users WHERE userID="'.$userID.'"'); 
    $row = $result->fetch_array(MYSQLI_BOTH); 

    $_SESSION['firstName'] = $row['firstName']; 
    $_SESSION['lastName'] = $row['lastName']; 
    $_SESSION['username'] = $row['username']; 
    $_SESSION['email'] = $row['email']; 
    $_SESSION['profileImage'] = $row['profileImage']; 
    $_SESSION['bio'] = $row['bio']; 

    if (!empty($_POST)) { 
     if (isset($_POST['update'])) { 
      trim($updateFirstName = $_POST['firstName']); 
      trim($updateLastName = $_POST['lastName']); 
      trim($updateUsername = $_POST['username']); 
      trim($updateEmail = $_POST['email']); 
      trim($updateProfileImage = $GLOBALS['fileName']); 
      trim($updateBio = $_POST['bio']); 

      $insert = $this->con->db->prepare('UPDATE users SET 
       firstName="'.$updateFirstName.'", 
       lastName="'.$updateLastName.'", 
       username="'.$updateUsername.'", 
       email="'.$updateEmail.'", 
       profileImage="'.$updateProfileImage.'", 
       bio="'.$updateBio.'" 
       WHERE userID = '.$userID); 

      $insert->bind_param('sssssss', $updateFirstName, $updateLastName, $updateUsername, $updateEmail, $updateProfileImage, $updateBio, $userID); 
      if ($insert->execute()) { 
       $GLOBALS['profileUpdated'] = '<p>Your profile has been updated. <a href="user-profile-edit.php"><i class="fa fa-refresh"></i> Refresh </a>to see changes.</p>'; 
      } 
     } 
    } 
}

因此,腳本工作,文件上傳和信息發送到數據庫。據我所見,準備的變量的數量與bind_param中的數量相同。我已經嘗試過,並且從準備和綁定中排除$userID。爲什麼我會收到錯誤?我特別困惑,因爲即使我得到的錯誤一切正常。

來源

2016-01-06 badsyntax

回答

3

由於您將7個參數綁定到查詢,但不使用其中任何一個,您會收到錯誤。而是直接將變量插入到查詢中,這會導致數據被(不安全地)插入到數據庫中。

$insert = $this->con->db->prepare('UPDATE users SET 
      firstName="'.$updateFirstName.'", 
      lastName="'.$updateLastName.'", 
      username="'.$updateUsername.'", 
      email="'.$updateEmail.'", 
      profileImage="'.$updateProfileImage.'", 
      bio="'.$updateBio.'" 
      WHERE userID = '.$userID);

應該

$insert = $this->con->db->prepare('UPDATE users SET 
      firstName= ?, 
      lastName= ?, 
      username= ?, 
      email= ?, 
      profileImage= ?, 
      bio= ? 
      WHERE userID = ?');

閱讀更多:http://php.net/manual/en/mysqli-stmt.bind-param.php

來源

2016-01-06 23:56:58 JimL

相關問題

 相關問題