我之前的问题已关闭,因为他们说这是重复的,但重复的帖子没有回答我的问题。因此,我再次在编辑部分添加了一些附加评论,以说明为什么重复的帖子对我没有帮助。
我正在尝试动态构建准备好的语句,但不断收到以下错误:
mysqli_stmt_bind_param(): Number of elements in type definition string doesn't match number of bind variables in
当我回显我的语句时,类型定义的数量与绑定(bind)变量匹配,所以我不知道出了什么问题。我认为我的代码可能会传递字符串、引号或其他内容而不是变量,但我对准备好的语句不熟悉,不确定如何检查我的查询。当使用简单的 mysqli_query 时,我可以回显查询并查看错误所在。我不确定如何使用准备好的语句来做到这一点,所以我希望有人可以帮助发现我的错误。
我正在尝试动态构造准备语句,以便可以重用代码,如下所示:
$db = mysqli_stmt_init($dbconnection);
// I have looped through my fields and constructed a string that when
// echoed returns this:
// ?, ?, ?, ?,
// I use sub str just to remove the last comma and space leaving me
// with the string
// ?, ?, ?, ?.
// Ive echoed this to the browser to make sure it is correct.
$preparedQs = substr($preparedQs, 0, -2);
// I then loop through each field using their datatype and constructs
// the type string as follows ssss. Ive echoed this to the browser to
// make sure it is correct.
$preparedType = 'ssss';
// I then loop through my post array verifying and cleaning the data
// and then it constructing a string of clean values that results in
// Mike, null, Smith, Sr., (First, Middle, Last, Suffix) I use substr
// again just to remove the last comma and space. Ive echoed this to
// the browser to make sure it is correct.
$cleanstr = substr($cleanstr, 0, -2);
// I then explode that string into a an array that I can loop through
// and assign/bind each value to a variable as follows and use substr
// again to remove last comma and space.
$cleanstr = explode(", ", $cleanstr);
$ct2 = 0;
foreach ( $cleanstr as $cl){
$name = "a".$ct2;
$$name = $cl;
$varstr .= "$".$name.", ";
$ct2 = $ct2 +1;
}
$varstr = substr($varstr, 0, -2);
// I've echoed the $varstr to the browser and get $a1, $a2, $a3, $a4.
// I have also echo their value outside of the loop and know values
// have been assigned.
// I then try to assign each step above the appropriate
// prepared statement place holder
$stmt = mysqli_stmt_prepare($db, "INSERT INTO Contacts VALUES (". $preparedQs. ")");
mysqli_stmt_bind_param($db, "'".$preparedType."'", $varstr);
mysqli_stmt_execute($stmt);
我不确定我做错了什么,因为当我回显 $preparedQs
、$preparedType
和 $varstr
时,它们都有元素数量相同,但我收到“mysqli_stmt_bind_param():类型定义字符串中的元素数量与...中的绑定(bind)变量数量不匹配”错误。我所能想到的就是我有引号或一些我不应该的东西,但我尝试在某些区域添加和删除引号,但无法解决错误。
另外,我读了一些关于在准备好的语句中传递 null 的文章,但即使我用实际值替换 null,我仍然遇到相同的错误。
可能值得注意的是,当使用简单的过程mysqli_query
和mysqli_real_escape_string
来清理我的数据时,一切工作正常。我试图通过将我的应用程序转换为准备好的语句来提高我的安全性,只是为了增加安全性。
这个问题有所不同有两个原因
我使用的是过程编码,而不是对象或 PDO。因此,作为准备好的陈述的新手,即使在尝试理解它们之后,给出的示例也没有帮助。
我使用的是插入语句,而不是选择或更新语句,在程序 PHP 中,插入的查询字符串与选择或更新语句的查询字符串的编写方式不同。
//更新的代码
global $dbconnection;
if(!$dbconnection){
die("Function wm_dynamicForm connection failed.</br>");
} else {
//echo "</br>Function wm_connectionToDatabase connection success</br>";
}
$db = mysqli_stmt_init($dbconnection);
$preparedQs = substr($preparedQs, 0, -2); //removes the end , from my string
$cleanstr = substr($cleanstr, 0, -2); //removes the end , from my string
$cleanstr = explode(", ", $cleanstr);
$ct = 0;
foreach ( $cleanstr as $cl){
$items[] = array(
'a'.$ct => $cl,
);
$ct = $ct + 1;
}
$stmt = mysqli_stmt_prepare($db, "INSERT INTO Contacts VALUES (". $preparedQs. ")");
mysqli_stmt_bind_param($db, $preparedType, ...$items);
mysqli_stmt_execute($stmt);
if(!mysqli_stmt_execute($stmt)){
echo "Error: ".mysqli_error($db);
}
最佳答案
您可以使用 php 5.6 的功能进行动态绑定(bind),该功能称为解包运算符/省略号 ...
。
$db = mysqli_connect('localhost', 'root', 'pass', 'database');
$data = array('name' => 'foo', 'age' => 99, 'email' => '<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3f5e5d5c7f5e5d5c115c5052" rel="noreferrer noopener nofollow">[email protected]</a>');
$stmt = mysqli_stmt_prepare($db, "INSERT INTO Contacts VALUES (". $preparedQs. ")");
mysqli_stmt_bind_param($db, $preparedType, ...$data);
mysqli_stmt_execute($stmt);
关于PHP 准备语句 - 动态变量元素数量错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44527250/