mysqli错误 - bind_param:变量数量不匹配

时间:2015-05-23 09:28:42

标签: php mysqli bindparam

我收到以下错误,但我一遍又一遍地计算了一切,一切似乎都没问题。有没有人有任何想法?

错误:

  

警告:mysqli_stmt :: bind_param()[mysqli-stmt.bind-param]:Number of   变量与预备语句中的参数数量不匹配    /home/ambnews/public_html/invoice/response.php 在线    204

代码:

// invoice customer information
    // billing
    $customer_name = $mysqli->real_escape_string($_POST['customer_name']); // customer name
    $customer_email = $mysqli->real_escape_string($_POST['customer_email']); // customer email
    $customer_address_1 = $mysqli->real_escape_string($_POST['customer_address_1']); // customer address
    $customer_address_2 = $mysqli->real_escape_string($_POST['customer_address_2']); // customer address
    $customer_town = $mysqli->real_escape_string($_POST['customer_town']); // customer town
    $customer_county = $mysqli->real_escape_string($_POST['customer_county']); // customer county
    $customer_postcode = $mysqli->real_escape_string($_POST['customer_postcode']); // customer postcode
    $customer_phone = $mysqli->real_escape_string($_POST['customer_phone']); // customer phone number

    //shipping
    $customer_name_ship = $mysqli->real_escape_string($_POST['customer_name_ship']); // customer name (shipping)
    $customer_address_1_ship = $mysqli->real_escape_string($_POST['customer_address_1_ship']); // customer address (shipping)
    $customer_address_2_ship = $mysqli->real_escape_string($_POST['customer_address_2_ship']); // customer address (shipping)
    $customer_town_ship = $mysqli->real_escape_string($_POST['customer_town_ship']); // customer town (shipping)
    $customer_county_ship = $mysqli->real_escape_string($_POST['customer_county_ship']); // customer county (shipping)
    $customer_postcode_ship = $mysqli->real_escape_string($_POST['customer_postcode_ship']); // customer postcode (shipping)

    $query = "INSERT INTO store_customers (
                    name,
                    email,
                    address_1,
                    address_2,
                    town,
                    county,
                    postcode,
                    phone,
                    name_ship,
                    address_1_ship,
                    address_2_ship,
                    town_ship,
                    county_ship,
                    postcode_ship
                ) VALUES (
                    '".$customer_name."',
                    '".$customer_email."',
                    '".$customer_address_1."',
                    '".$customer_address_2."',
                    '".$customer_town."',
                    '".$customer_county."',
                    '".$customer_postcode."',
                    '".$customer_phone."',
                    '".$customer_name_ship."',
                    '".$customer_address_1_ship."',
                    '".$customer_address_2_ship."',
                    '".$customer_town_ship."',
                    '".$customer_county_ship."',
                    '".$customer_postcode_ship."'
                );
            ";

    /* Prepare statement */
    $stmt = $mysqli->prepare($query);
    if($stmt === false) {
      trigger_error('Wrong SQL: ' . $query . ' Error: ' . $mysqli->error, E_USER_ERROR);
    }

    print_r($stmt->bind_param(
        'sssssssissssss',
        $customer_name,$customer_email,$customer_address_1,$customer_address_2,$customer_town,$customer_county,$customer_postcode,
        $customer_phone,$customer_name_ship,$customer_address_1_ship,$customer_address_2_ship,$customer_town_ship,$customer_county_ship,$customer_postcode_ship));

    /* Bind parameters. TYpes: s = string, i = integer, d = double,  b = blob */
    $stmt->bind_param(
        'sssssssissssss',
        $customer_name,$customer_email,$customer_address_1,$customer_address_2,$customer_town,$customer_county,$customer_postcode,
        $customer_phone,$customer_name_ship,$customer_address_1_ship,$customer_address_2_ship,$customer_town_ship,$customer_county_ship,$customer_postcode_ship);

    /* Execute statement */
    $stmt->execute();

    if($stmt->execute()){
        //if saving success
        echo json_encode(array(
            'status' => 'Success',
            'message' => 'Customer has been created successfully!'
        ));
    } else {
        // if unable to create invoice
        echo json_encode(array(
            'status' => 'Error',
            'message' => 'There has been an error, please try again.'
            // debug
            //'message' => 'There has been an error, please try again.<pre>'.$mysqli->error.'</pre><pre>'.$query.'</pre>'
        ));
    }

    //close database connection
    $mysqli->close();

1 个答案:

答案 0 :(得分:0)

您需要查看manual

  1. 当您使用预准备语句时,不应该转义您的值,因为您将在数据中添加文字反斜杠。
  2. 您不应该在查询中注入变量,而应使用占位符(mysqli中的问号)。这些都与你的价值观有关。
  3. 所以你的查询是:

    $query = "INSERT INTO store_customers (
                    name,
                    email,
                    // etc.
                ) VALUES (
                    ?,
                    ?,
                    // etc.
                );
            ";
    

    你绑定你的价值观:

    $stmt->bind_value(
        'sssssssissssss',
        $_POST['customer_name'],
        $_POST['customer_email'],
        // etc.
    );
    

    请注意,我使用的是bind_value()而不是bind_param(),因为它似乎仅使用一次,因此无需绑定参数,您可以直接绑定值。但它应该没有什么区别。