Insert into table with prepared statement

攒了一身酷 2021-01-24 19:32

I'm trying to insert data from a form into a database using PHP and Mysqli but I can't get it working! My database has 4 fields: DATE, TITLE, CONTENT, ID. The ID field is auto

3 answers
  • 2021-01-24 20:11

    Since you are using an auto-increment field, you need to specify the column names and then the values. Try this code:

    $query = "INSERT INTO Blog (colname_1,colname_2,colname_3) VALUES (?, ?, ?)";
    $stmt = $mysqli->prepare($query);
    $stmt->bind_param("sss", $blogDate, $_POST["bTitle"], $_POST["bContent"]);
    $stmt->execute();
    
  • 2021-01-24 20:13

    Since you are aware of prepared statements:

    $newBlog = $mysqli->prepare('INSERT INTO Blog (`dateCol`, `titleCol`, `contentCol`) VALUES (?, ?, ?)');
    $newBlog->bind_param( 'sss', $blogDate, $_POST["bTitle"], $_POST["bContent"] );
    $newBlog->execute();
    $newBlog->close();
    
  • 2021-01-24 20:29

    You are generating SQL containing strings that are not quoted or escaped.

    Don't insert the data directly into the SQL string, use placeholders (?) and then bind the parameters before executing.

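    // Name the three columns explicitly; the auto-increment ID column is omitted.
    $query = "INSERT INTO Blog (`DATE`, `TITLE`, `CONTENT`) VALUES (?, ?, ?)";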
    $stmt = $mysqli->prepare($query);
    $stmt->bind_param("sss", $blogDate, $_POST["bTitle"], $_POST["bContent"]);
    $stmt->execute();
    
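A fuller form handler built on the prepared-statement insert the answers describe, as an added example that is not part of any answer in the thread. The column names come from the question; the function name `insert_blog_post`, the 255-character title limit and the connection details are assumptions.

```php
<?php
// Added example. Assumed: function name, title length limit, connection details.
// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_blog_post(mysqli $db, array $form): int
{
    // Validate first: reject missing fields and non-string values (e.g. bTitle[]=x).
    $title   = $form['bTitle']   ?? null;
    $content = $form['bContent'] ?? null;
    if (!is_string($title) || !is_string($content)) {
        throw new InvalidArgumentException('Title and content must be strings.');
    }
    $title   = trim($title);
    $content = trim($content);
    if ($title === '' || $content === '') {
        throw new InvalidArgumentException('Title and content are required.');
    }
    if (strlen($title) > 255) { // assumed column width
        throw new InvalidArgumentException('Title is too long.');
    }
    $blogDate = date('Y-m-d H:i:s');

    // ID is auto-increment, so it is left out of the column list.
    $stmt = $db->prepare(
        'INSERT INTO Blog (`DATE`, `TITLE`, `CONTENT`) VALUES (?, ?, ?)'
    );
    // bind_param takes variables by reference; the values are sent
    // separately from the SQL text, so quotes in them are plain data.
    $stmt->bind_param('sss', $blogDate, $title, $content);
    $stmt->execute();
    $id = (int) $db->insert_id;
    $stmt->close();
    return $id;
}

// Constructed sample input: the apostrophe would break a hand-built SQL string,
// but is stored unchanged when bound as a parameter.
$form = ['bTitle' => "It's my first post", 'bContent' => "Don't panic."];

// Assumed connection details; replace with real ones before running.
// $db = new mysqli('localhost', 'blog_user', 'blog_password', 'blog_db');
// $db->set_charset('utf8mb4');
// echo insert_blog_post($db, $form), PHP_EOL;
```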