0
我想用一個名爲editable grid(http://www.editablegrid.net/en/)的工具創建mysql條目。我剛剛在代碼中添加了2個textfields ..但它看起來像mysql準備代碼不喜歡我在做什麼。PHP - Mysql的準備不會執行
多數民衆贊成在PHP代碼:
require_once('config.php');
// Database connection
$mysqli = mysqli_init();
$mysqli->options(MYSQLI_OPT_CONNECT_TIMEOUT, 5);
$mysqli->real_connect($config['db_host'],$config['db_user'],$config['db_password'],$config['db_name']);
// Get all parameter provided by the javascript
$name = $mysqli->real_escape_string(strip_tags($_POST['name']));
$firstname = $mysqli->real_escape_string(strip_tags($_POST['firstname']));
$uid = $mysqli->real_escape_string(strip_tags($_POST['uid']));
$show = $mysqli->real_escape_string(strip_tags($_POST['show']));
$tablename = $mysqli->real_escape_string(strip_tags($_POST['tablename']));
$return=false;
if ($stmt = $mysqli->prepare("INSERT INTO ".$tablename." (name, firstname, uid, show) VALUES ( ?, ?, ?, ?)")) {
$stmt->bind_param("ssss", $name, $firstname, $uid, $show);
$return = $stmt->execute();
$stmt->close();
}
$mysqli->close();
echo $return ? "ok" : "error";
這裏的HTML代碼:
<div id="addform" style="height:210px;">
<div class="row">
<input type="text" id="name" name="name" placeholder="name" />
</div>
<div class="row">
<input type="text" id="firstname" name="firstname" placeholder="firstname" />
</div>
<div class="row">
<input type="text" id="uid" name="uid" placeholder="uid" />
</div>
<div class="row">
<input type="text" id="show" name="show" placeholder="show" />
</div>
<div class="row tright">
<a id="addbutton" class="button green" ><i class="fa fa-save"></i> Apply</a>
<a id="cancelbutton" class="button delete">Cancel</a>
</div>
</div>
他們都是使用JavaScript和這個工作連接在一起。我剛剛添加了2個文本框。在PHP代碼中出現錯誤。 Arent在準備聲明中允許使用4個值?
不要逃避和參數,只是參數。不要越過表名,使用允許名稱的白名單。當你執行發生的事情時,你會得到一個錯誤嗎? – chris85