運行準備好的語句（MySQL/PHP）

Question

這是我第一次使用預處理語句，並且遇到了問題。當我運行以下代碼時，出現如下錯誤消息：

警告：mysqli_stmt_bind_param（）[function.mysqli-stmt-bind-param]：類型定義字符串中的元素數與綁定數不匹配變量in ...在線49

第49行是下面的mysqli_stmt_bind_param語句。似乎字符串的數量（「ssssss」）與該語句中正確的字符串數量相匹配，所以我有點不知所措。

<?php 

$var1 = $_POST['var1']; 
$var2 = $_POST['var2']; 
$var3 = $_POST['var3']; 
$var4 = $_POST['var4']; 
$var5 = $_POST['var5']; 
$var6 = $_POST['var6']; 

     if (!empty($var1)&&!empty($var2)&&!empty($var3) 
     &&isset($var4, $var5, $var6)); 

     require_once 'connect.inc.php'; 

     $query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6) 
     VALUES ('$var1','$var2','$var3','$var4','$var5', '$var6')"; 

     $stmt = mysqli_prepare($link, $query); 

     mysqli_stmt_bind_param($stmt, "ssssss", $var1, $var2, $var3, $var4, $var5, 
     $var6); 

     mysqli_stmt_execute($stmt); 

     if (mysqli_stmt_affected_rows($stmt)==1); 

     mysqli_stmt_close($stmt); 

     $result = mysqli_query($link, $query); 

     if ($result) { 
     echo 'Thank you for your submission.'; 
     }  
     else { 
      echo 'We were unable to process your information.'.mysqli_error($link).' 
      Please ensure all required fields were filled out.; 
      } 

     mysqli_close($link); 
?> 

任何幫助，非常感謝！謝謝！順便說一句，我會得到'謝謝你的提交'。信息。

Answer 1

問題與格式不匹配，這是你沒有參數綁定。參數應該使用?作爲查詢中的佔位符;

$query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6) 
      VALUES ('$var1','$var2','$var3','$var4','$var5', '$var6')"; 

應該

$query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6) 
     VALUES (?, ?, ?, ?, ?, ?)"; // <-- six place holders for the parameters 

Answer 2

查詢更改爲：

$query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6) 
     VALUES (?,?,?,?,?, ?)"; 

要告訴你的綁定設置參數。