尝试将数据插入mySQL数据时T_OBJECT_OPERATOR [关闭]

问题描述：

trying to input code into the sqldatabase...what am i missing in here? Parse error: syntax error, unexpected T_OBJECT_OPERATOR

<?php
$name = "";
$email = "";
$msg_to_user = "";
if ($_POST['name'] != "") {

    require_once("storescripts/connect_to_mysqli.php");

    // Be sure to filter this data to deter SQL injection, filter before querying database
    $name = $_POST['name'];
    $email = $_POST['email'];
    $sqlCommand = "SELECT * FROM newsletter WHERE email='$email'";
    $sql = mysqli_query($myConnection,$sqlCommand);
    $numRows = mysqli_num_rows($sql);
        if (!$email) {

        $msg_to_user = '<br /><br /><h4><font color="FF0000">Please type an email address ' . $name . '.</font></h4>';
    } else if ($numRows > 0) {
        $msg_to_user = '<br /><br /><h4><font color="FF0000">' . $email . ' is already in the system.</font></h4>';

    } else {
        $sqlCommand="INSERT INTO newsletter (name, email, dateTime)                                                     VALUES(?,?,NOW() )";
$stmt= $myConnection->prepare($sqlCommand);
$stmt=->bind_param('ss',$name,$email);
$stmt->execute();
    $msg_to_user = '<br /><br /><h4><font color="0066FF">Thanks ' . $name . ', you have been added successfully.</font></h4>';
        $name = "";
        $email = "";
    }
}
?>

尝试将代码输入sqldatabase ...我在这里缺少什么？解析错误：语法错误，意外的T_OBJECT_OPERATOR p>

 ＆lt;？php 
 $ name =“”; 
 $ email =“”; 
 $ msg_to_user =“”; 
if（$ _POST [  'name']！=“”）{
 
 require_once（“storescripts / connect_to_mysqli.php”）; 
 
 //确保过滤此数据以阻止SQL注入，在查询数据库之前进行过滤
 $ name  = $ _POST ['name']; 
 $ email = $ _POST ['email']; 
 $ sqlCommand =“SELECT * FROM newsletter WHERE email ='$ email'”; 
 $ sql = mysqli_query（$ myConnection  ，$ sqlCommand）; 
 $ numRows = mysqli_num_rows（$ sql）; 
 if（！$ email）{
 
 $ msg_to_user ='＆lt; br /＆gt;＆lt; br /＆gt;＆lt; h4＆gt;＆lt;  ; font color =“FF0000”＆gt;请输入电子邮件地址'。  $ name。  '。＆lt; / font＆gt;＆lt; / h4＆gt;'; 
} else if（$ numRows＆gt; 0）{
 $ msg_to_user ='＆lt; br /＆gt;＆lt; br /＆gt;＆lt; h4＆gt;＆lt;  ; font color =“FF0000”＆gt;'  。  $ email。  '已经在系统中。＆lt; / font＆gt;＆lt; / h4＆gt;'; 
 
}其他{
 $ sqlCommand =“INSERT INTO newsletter（name，email，dateTime）VALUES（？，？，NOW（  ））“; 
 $ stmt = $ myConnection-＆gt; prepare（$ sqlCommand）; 
 $ stmt =  - ＆gt; bind_param（'ss'，$ name，$ email）; 
 $ stmt-＆gt; execute（  ）; 
 $ msg_to_user ='＆lt; br /＆gt;＆lt; br /＆gt;＆lt; h4＆gt;＆lt; font color =“0066FF”＆gt;谢谢'。  $ name。  '，您已成功添加。＆lt; / font＆gt;＆lt; / h4＆gt;'; 
 $ name =“”; 
 $ email =“”; 
} 
} 
？＆gt; 
   pre> 
  div>

答

You have this code:

$stmt=->bind_param('ss',$name,$email);

It should be this:

$stmt->bind_param('ss',$name,$email);

Further (unrelated) advice:

Fix your SQL injection vulnerabilities by using parameterized queries. See How can I prevent SQL injection in PHP?
Correctly and consistently indent your code to prevent unreadability.

尝试将数据插入mySQL数据时T_OBJECT_OPERATOR [关闭]

相关推荐