全新編碼：致命錯誤：調用布爾型的成員函數execute（）

Question

我假設「布爾」它出現爲「假」... 任何人都可以解釋什麼可能是錯誤嗎？ 我的代碼可能完全有缺陷，但我想要一些建設性的批評。

<?php 

if ($_SERVER['REQUEST_METHOD'] = "POST") { 

include("mytableconn.php"); 

$firstName = mysqli_real_escape_string($conn, trim($_POST['firstn'])); 
$lastName = mysqli_real_escape_string($conn, trim($_POST['lastn'])); 
$email = mysqli_real_escape_string($conn, trim($_POST['uemail'])); 
$password = mysqli_real_escape_string($conn, trim($_POST  ['userpasscode'])); 
$cryption = "$2y$10$"; 
$chars = "thisisseriouslyfucked1"; 
$crypchar = $cryption . $chars; 
$crypass = crypt($password, $crypchar); 

$user = $conn->prepare(" 
INSERT INTO mytable(first_name, last_name, e_mail, pass_word) 
VALUES(?, ?, ?, ?) 
"); 

$user = $user->bind_param("ssss", $firstName, $lastName, $email, $crypass); 

$user->execute(); 

$user->close(); 
$conn->close(); 


}else { 

echo("Sorry, an unexpected error occurred"); 

} 





?> 

Answer 1

當你prepare的SQL分配它作爲一個變量 - 那麼你應該在繼續檢查SQL是否有效之前測試變量。

mysqli_prepare() returns a statement object or FALSE if an error occurred

<?php 

    if ($_SERVER['REQUEST_METHOD'] = "POST") { 

     include("mytableconn.php"); 

     $firstName = mysqli_real_escape_string($conn, trim($_POST['firstn'])); 
     $lastName = mysqli_real_escape_string($conn, trim($_POST['lastn'])); 
     $email = mysqli_real_escape_string($conn, trim($_POST['uemail'])); 
     $password = mysqli_real_escape_string($conn, trim($_POST['userpasscode'])); 

     $cryption = "$2y$10$"; 
     $chars = "thisisseriouslyfucked1"; 
     $crypchar = $cryption . $chars; 
     $crypass = crypt($password, $crypchar); 



     $stmt = $conn->prepare("insert into `mytable` (`first_name`, `last_name`, `e_mail`, `pass_word`) values (?, ?, ?, ?)"); 

     if($stmt){ 
      $stmt->bind_param("ssss", $firstName, $lastName, $email, $crypass); 
      $stmt->execute(); 
      $stmt->close(); 
     } 
     $conn->close(); 


    }else { 
     echo("Sorry, an unexpected error occurred"); 
    } 
?>