(mysqli_stmt::bind_param():变量数与预准备语句中的参数数量不匹配)
我创建了一个用户类来处理注册登录和配置文件更新,这一切都有效。但是,当用户更新其个人资料时,我会收到上述错误。让我们一步一步走。
首先我有表格
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data">
<div class="form-row">
<label for="firstName">First Name:</label>
<input type="text" name="firstName" id="firstName" value="<?php echo $_SESSION['firstName']; ?>">
</div>
<div class="form-row">
<label for="lastName">Last Name:</label>
<input type="text" name="lastName" id="lastName" value="<?php echo $_SESSION['lastName']; ?>">
</div>
<div class="form-row">
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php echo $_SESSION['username']; ?>">
</div>
<div class="form-row">
<label for="email">Email:</label>
<input type="email" name="email" id="email" value="<?php echo $_SESSION['email']; ?>">
</div>
<div class="form-row">
<label for="profileImage">Profile Image:</label>
<input type="file" name="file" id="file">
</div>
<div class="form-row">
<label for="bio">Bio:</label>
<textarea type="text" name="bio" id="bio"></textarea>
</div>
<div class="form-row">
<input type="submit" name="update" value="Submit Updates" class="btn black pull-left">
</div>
</form>
然后我有上传类来处理事物的文件上传部分。这很好用,在我的用户类中使用。
class Upload
{
public function uploadImages()
{
if (isset($_POST['update'])) {
if (isset($_FILES['file'])) {
$fileName = $_FILES['file']['name'];
$fileName = mt_rand(100000, 999999) . $fileName;
$fileName = preg_replace('#[^a-z0-9.]#i', '', $fileName);
$fileTmp = $_FILES['file']['tmp_name'];
$fileType = $_FILES['file']['type'];
$fileSize = $_FILES['file']['size'];
$fileError = $_FILES['file']['error'];
$extensions = array('jpg', 'jpeg', 'png', 'tif', 'tiff', 'gif', '');
$tmp = explode('.', $fileName);
$fileExtension = strtolower(end($tmp));
// if (!$fileTmp) {
// die('No File Selected, Please try again - <a href="user-profile-edit.php">Try Again?</a>');
// }
if ($fileSize > 2097152) {
die('Error, File too big - <a href="user-profile-edit.php">Try Again?</a>');
}
if (in_array($fileExtension,$extensions) === false and $fileError === 4) {
move_uploaded_file($fileTmp, CURRENTROOT . '../img/upload/profiles/'.$fileName);
$GLOBALS['fileName'] = $fileName;
} elseif (in_array($fileExtension,$extensions) === false) {
die('Acceptable file types are jpg, png, tif, and gif - <a href="user-profile-edit.php">Try Again?</a>');
} else {
move_uploaded_file($fileTmp, CURRENTROOT . '../img/upload/profiles/'.$fileName);
$GLOBALS['fileName'] = $fileName;
}
}
}
}
}
这是处理注册,登录和配置文件更新的用户类。这也有点。它完成了预期的所有操作,但确实返回了上面的箭头。我将省略其余的课程,只展示相关的方法。
public function userProfileEdit()
{
$upload = new Upload();
$upload->uploadImages();
$userID = $_SESSION['userID'];
$result = $this->con->db->query('SELECT * FROM users WHERE userID="'.$userID.'"');
$row = $result->fetch_array(MYSQLI_BOTH);
$_SESSION['firstName'] = $row['firstName'];
$_SESSION['lastName'] = $row['lastName'];
$_SESSION['username'] = $row['username'];
$_SESSION['email'] = $row['email'];
$_SESSION['profileImage'] = $row['profileImage'];
$_SESSION['bio'] = $row['bio'];
if (!empty($_POST)) {
if (isset($_POST['update'])) {
trim($updateFirstName = $_POST['firstName']);
trim($updateLastName = $_POST['lastName']);
trim($updateUsername = $_POST['username']);
trim($updateEmail = $_POST['email']);
trim($updateProfileImage = $GLOBALS['fileName']);
trim($updateBio = $_POST['bio']);
$insert = $this->con->db->prepare('UPDATE users SET
firstName="'.$updateFirstName.'",
lastName="'.$updateLastName.'",
username="'.$updateUsername.'",
email="'.$updateEmail.'",
profileImage="'.$updateProfileImage.'",
bio="'.$updateBio.'"
WHERE userID = '.$userID);
$insert->bind_param('sssssss', $updateFirstName, $updateLastName, $updateUsername, $updateEmail, $updateProfileImage, $updateBio, $userID);
if ($insert->execute()) {
$GLOBALS['profileUpdated'] = '<p>Your profile has been updated. <a href="user-profile-edit.php"><i class="fa fa-refresh"></i> Refresh </a>to see changes.</p>';
}
}
}
}
因此脚本工作,文件上传,信息发送到数据库。据我所知,准备的变量的数量与bind_param中的数量相同。我尝试过包含并排除了准备和绑定中的$userID。为什么我收到错误?我特别困惑,因为即使我得到错误一切正常。
答案 0 :(得分:3)
您收到错误是因为您将7个参数绑定到查询中,但不使用其中任何一个。而是将变量直接插入到查询中,这会导致数据(不安全地)插入到数据库中。
'Iterate through all of the keys to be replaced
For j = 0 To KeyCount - 1
strReplace = TagArray(i, j)
clipBoard.SetText IIf(strReplace = vbNullString, "", strReplace)
clipBoard.PutInClipboard
For Each storyRange In OutputDoc.StoryRanges
Do
With storyRange.Find
.MatchWildcards = True
.Text = KeyArray(j)
.Replacement.Text = "^c"
'.Replacement.Text = strReplace
.Execute Replace:=2
End With
Set storyRange = storyRange.NextStoryRange
Loop While Not storyRange Is Nothing
Next
Next j
Next i
应该是
$insert = $this->con->db->prepare('UPDATE users SET
firstName="'.$updateFirstName.'",
lastName="'.$updateLastName.'",
username="'.$updateUsername.'",
email="'.$updateEmail.'",
profileImage="'.$updateProfileImage.'",
bio="'.$updateBio.'"
WHERE userID = '.$userID);