0
我想用一个名为editable grid(http://www.editablegrid.net/en/)的工具创建mysql条目。我刚刚在代码中添加了2个textfields ..但它看起来像mysql准备代码不喜欢我在做什么。PHP - Mysql的准备不会执行
多数民众赞成在PHP代码:
require_once('config.php');
// Database connection
$mysqli = mysqli_init();
$mysqli->options(MYSQLI_OPT_CONNECT_TIMEOUT, 5);
$mysqli->real_connect($config['db_host'],$config['db_user'],$config['db_password'],$config['db_name']);
// Get all parameter provided by the javascript
$name = $mysqli->real_escape_string(strip_tags($_POST['name']));
$firstname = $mysqli->real_escape_string(strip_tags($_POST['firstname']));
$uid = $mysqli->real_escape_string(strip_tags($_POST['uid']));
$show = $mysqli->real_escape_string(strip_tags($_POST['show']));
$tablename = $mysqli->real_escape_string(strip_tags($_POST['tablename']));
$return=false;
if ($stmt = $mysqli->prepare("INSERT INTO ".$tablename." (name, firstname, uid, show) VALUES ( ?, ?, ?, ?)")) {
$stmt->bind_param("ssss", $name, $firstname, $uid, $show);
$return = $stmt->execute();
$stmt->close();
}
$mysqli->close();
echo $return ? "ok" : "error";
这里的HTML代码:
<div id="addform" style="height:210px;">
<div class="row">
<input type="text" id="name" name="name" placeholder="name" />
</div>
<div class="row">
<input type="text" id="firstname" name="firstname" placeholder="firstname" />
</div>
<div class="row">
<input type="text" id="uid" name="uid" placeholder="uid" />
</div>
<div class="row">
<input type="text" id="show" name="show" placeholder="show" />
</div>
<div class="row tright">
<a id="addbutton" class="button green" ><i class="fa fa-save"></i> Apply</a>
<a id="cancelbutton" class="button delete">Cancel</a>
</div>
</div>
他们都是使用JavaScript和这个工作连接在一起。我刚刚添加了2个文本框。在PHP代码中出现错误。 Arent在准备声明中允许使用4个值?
不要逃避和参数,只是参数。不要越过表名,使用允许名称的白名单。当你执行发生的事情时,你会得到一个错误吗? – chris85