PHP bind_param not working in mysqli

I have this error:
Call to a member function bind_param() on a non-object in /home/ccraft50/public_html/C-Blog/InsertDataPosts.php on line 15
<?php
$servername2 = "localhost";
$username2 = "My DB";
$password2 = "My Pass";
$dbname2 = "My DB";
// Create connection
$dbconn2 = new mysqli($servername2, $username2, $password2, $dbname2);
// Check connection
if ($dbconn2->connect_error) {
die("Connection failed: " . $dbconn2->connect_error);
}
$insIndexData = $dbconn2->prepare("INSERT INTO " . str_replace(str_split('\\/:*?"<>|.$+-%#@!~&;\',=~` '), "_", $_POST['filename']) . "_Index (SubjectName, IndexData) VALUES (?, ?)");
$str_prot_index = array('<script>', '</script>', '<?php', '?>', '<html', '</html>', '<body', '</body>', '<head', '</head>', '<pre', '</pre>', '<div', '</div>');
$insIndexData->bind_param('ss', $_POST['filename'], str_replace($str_prot_index, '', $_POST['comment']));
$insIndexData->execute();
$insIndexData->close();
if($dbconn2->prepare($insIndexData)) {
echo "Successfuly Insert data for index!";
} else {
echo "Error: " . $dbconn2->error;
}
$dbconn2->close();
?>
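I'm guessing your query is failing; echo it and see what it looks like - you're doing a lot of processing to make sure the table name is correct, and I suspect something is going wrong there. – andrewsi
$insIndexData? – CharlesCraft50
If you really must do it this way (I doubt it, see my answer below), you should use a whitelist, not a blacklist, of characters for your table name; hackers trying to get into your system may think of more characters than your blacklist contains. – jeroen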
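
The two points raised in the comments above, as an added example that is not part of the original question or its comments: build the table name from an allowlist of characters, and check the result of `prepare()` before calling `bind_param()`. The helper names `indexTableFor` and `insertIndexRow`, the 48-character limit and the sample inputs are assumptions made for illustration.

```php
<?php
// Hypothetical helper: return "<name>_Index" only when the name consists
// solely of allowlisted characters; anything else is rejected outright.
function indexTableFor(string $name): string
{
    // Assumed policy: ASCII letters, digits, underscore, 1 to 48 characters.
    if (!preg_match('/\A[A-Za-z0-9_]{1,48}\z/', $name)) {
        throw new InvalidArgumentException('Invalid table name');
    }
    return '`' . $name . '_Index`';
}

// Hypothetical helper: insert one row, failing loudly at each step.
function insertIndexRow(mysqli $db, string $filename, string $comment): void
{
    $sql = 'INSERT INTO ' . indexTableFor($filename)
         . ' (SubjectName, IndexData) VALUES (?, ?)';

    // prepare() returns false when the statement is invalid (for example the
    // table does not exist). Calling bind_param() on that false value is what
    // produces "Call to a member function bind_param() on a non-object".
    // On PHP 8.1+ the default report mode throws mysqli_sql_exception instead.
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }

    // bind_param() takes its arguments by reference, so pass variables,
    // not the direct result of a function call such as str_replace().
    $stmt->bind_param('ss', $filename, $comment);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $stmt->close();
}

// Constructed sample inputs; this part runs without a database connection.
foreach (['holiday_notes', 'my notes', 'a`b', ''] as $candidate) {
    try {
        echo 'accepted: ', indexTableFor($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($candidate, true), PHP_EOL;
    }
}
```

With a live connection, `insertIndexRow($dbconn2, $_POST['filename'], $_POST['comment'])` would replace lines 14 to 18 of the posted script.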