我是初学者“程序员”,请原谅我的无知。为了安全起见,我正在使用准备好的声明。回显else子句,而不执行INSERT INTO语句。我正在从HTML表单传递隐藏值:
<input type="hidden" value="EVS1" name="CustomerCode" />
<?php
include ('../etc/mysql_connect.php');
if(isset($_POST['submit'])) {
$FirstName= trim( $_POST['FirstName'] );
$LastName= trim( $_POST['LastName'] );
$Address1= trim( $_POST['Address1'] );
$Address2= trim( $_POST['Address2'] );
$City= trim( $_POST['City'] );
$State= trim( $_POST['State'] );
$Zip= trim( $_POST['Zip'] );
$Email= trim( $_POST['Email'] );
$calculated_date = date('m-d-Y', time() + 86400 * 42);
$stmt = $conn->prepare("INSERT INTO xxx SET FirstName = ?,LastName = ?,Address1 = ?,Address2 = ?,City = ?,State = ?,Zip = ?,Email = ?,CustomerCode = CustomerCode,DrawingEntryDate = NOW() ");
$stmt->bind_param("sssssssss", $_POST['FirstName'] , $_POST['LastName'], $_POST['Address1'], $_POST['Address2'], $_POST['City'], $_POST['State'], $_POST['Zip'], $_POST['Email'], $_POST['CustomerCode']);
$stmt->execute();
$affected_rows= mysqli_stmt_affected_rows ($stmt);
if ($affected_rows ==1){
echo '<body bgcolor="#F9F9F9"><h2>Thank You!</h2><font type="Arial,Helvetica, sans-serif" size="3">We have successfully received your entry. Good luck!<br><br>Names are drawn randomly each month, and notified via email. If your name is chosen, please expect delivery within 4-6 weeks. Your order is scheduled to be delivered by '.$calculated_date.'.</font></body>';
mysqli_stmt_close($stmt);
mysqli_close($dbconnect);
} else {
echo '<body bgcolor="#F9F9F9"><h2>Oops!</h2><font type="Arial,Helvetica, sans-serif" size="3">There is a limit of 1 entry per day. <b>'.$FirstName.'</b> has already entered on '.$DrawingEntryDate.' .</font></body>';
echo mysqli_error();
mysqli_stmt_close($stmt);
mysqli_close($dbconnect);
}
}
?>
您在查询中具有八个参数占位符,并尝试将九个参数绑定到该占位符。
这里:
$stmt = $conn->prepare("INSERT INTO xxx SET FirstName = ?,LastName = ?,Address1 = ?,Address2 = ?,City = ?,State = ?,Zip = ?,Email = ?,CustomerCode = CustomerCode,DrawingEntryDate = NOW() ");
$stmt->bind_param("sssssssss", $_POST['FirstName'] , $_POST['LastName'], $_POST['Address1'], $_POST['Address2'], $_POST['City'], $_POST['State'], $_POST['Zip'], $_POST['Email'], $_POST['CustomerCode']);
您忘记为CustomerCode放置参数占位符。
如果总是将DrawingEntryDate设置为NOW(),则可以将其保留在查询之外,并将该列设置为默认值。