全新编码：致命错误：调用布尔型的成员函数execute（）

Question

我假设“布尔”它出现为“假”... 任何人都可以解释什么可能是错误吗？ 我的代码可能完全有缺陷，但我想要一些建设性的批评。

<?php 

if ($_SERVER['REQUEST_METHOD'] = "POST") { 

include("mytableconn.php"); 

$firstName = mysqli_real_escape_string($conn, trim($_POST['firstn'])); 
$lastName = mysqli_real_escape_string($conn, trim($_POST['lastn'])); 
$email = mysqli_real_escape_string($conn, trim($_POST['uemail'])); 
$password = mysqli_real_escape_string($conn, trim($_POST  ['userpasscode'])); 
$cryption = "$2y$10$"; 
$chars = "thisisseriouslyfucked1"; 
$crypchar = $cryption . $chars; 
$crypass = crypt($password, $crypchar); 

$user = $conn->prepare(" 
INSERT INTO mytable(first_name, last_name, e_mail, pass_word) 
VALUES(?, ?, ?, ?) 
"); 

$user = $user->bind_param("ssss", $firstName, $lastName, $email, $crypass); 

$user->execute(); 

$user->close(); 
$conn->close(); 


}else { 

echo("Sorry, an unexpected error occurred"); 

} 





?> 

Answer 1

当你prepare的SQL分配它作为一个变量 - 那么你应该在继续检查SQL是否有效之前测试变量。

mysqli_prepare() returns a statement object or FALSE if an error occurred

<?php 

    if ($_SERVER['REQUEST_METHOD'] = "POST") { 

     include("mytableconn.php"); 

     $firstName = mysqli_real_escape_string($conn, trim($_POST['firstn'])); 
     $lastName = mysqli_real_escape_string($conn, trim($_POST['lastn'])); 
     $email = mysqli_real_escape_string($conn, trim($_POST['uemail'])); 
     $password = mysqli_real_escape_string($conn, trim($_POST['userpasscode'])); 

     $cryption = "$2y$10$"; 
     $chars = "thisisseriouslyfucked1"; 
     $crypchar = $cryption . $chars; 
     $crypass = crypt($password, $crypchar); 



     $stmt = $conn->prepare("insert into `mytable` (`first_name`, `last_name`, `e_mail`, `pass_word`) values (?, ?, ?, ?)"); 

     if($stmt){ 
      $stmt->bind_param("ssss", $firstName, $lastName, $email, $crypass); 
      $stmt->execute(); 
      $stmt->close(); 
     } 
     $conn->close(); 


    }else { 
     echo("Sorry, an unexpected error occurred"); 
    } 
?>