尝试将数据插入mySQL数据时T_OBJECT_OPERATOR [关闭]
问题描述:
trying to input code into the sqldatabase...what am i missing in here? Parse error: syntax error, unexpected T_OBJECT_OPERATOR
<?php
$name = "";
$email = "";
$msg_to_user = "";
if ($_POST['name'] != "") {
require_once("storescripts/connect_to_mysqli.php");
// Be sure to filter this data to deter SQL injection, filter before querying database
$name = $_POST['name'];
$email = $_POST['email'];
$sqlCommand = "SELECT * FROM newsletter WHERE email='$email'";
$sql = mysqli_query($myConnection,$sqlCommand);
$numRows = mysqli_num_rows($sql);
if (!$email) {
$msg_to_user = '<br /><br /><h4><font color="FF0000">Please type an email address ' . $name . '.</font></h4>';
} else if ($numRows > 0) {
$msg_to_user = '<br /><br /><h4><font color="FF0000">' . $email . ' is already in the system.</font></h4>';
} else {
$sqlCommand="INSERT INTO newsletter (name, email, dateTime) VALUES(?,?,NOW() )";
$stmt= $myConnection->prepare($sqlCommand);
$stmt=->bind_param('ss',$name,$email);
$stmt->execute();
$msg_to_user = '<br /><br /><h4><font color="0066FF">Thanks ' . $name . ', you have been added successfully.</font></h4>';
$name = "";
$email = "";
}
}
?>
尝试将代码输入sqldatabase ...我在这里缺少什么? 解析错误:语法错误, 意外的T_OBJECT_OPERATOR p>
&lt;?php
$ name =“”;
$ email =“”;
$ msg_to_user =“”;
if($ _POST [ 'name']!=“”){
require_once(“storescripts / connect_to_mysqli.php”);
//确保过滤此数据以阻止SQL注入,在查询数据库之前进行过滤
$ name = $ _POST ['name'];
$ email = $ _POST ['email'];
$ sqlCommand =“SELECT * FROM newsletter WHERE email ='$ email'”;
$ sql = mysqli_query($ myConnection ,$ sqlCommand);
$ numRows = mysqli_num_rows($ sql);
if(!$ email){
$ msg_to_user ='&lt; br /&gt;&lt; br /&gt;&lt; h4&gt;&lt; ; font color =“FF0000”&gt;请输入电子邮件地址'。 $ name。 '。&lt; / font&gt;&lt; / h4&gt;';
} else if($ numRows&gt; 0){
$ msg_to_user ='&lt; br /&gt;&lt; br /&gt;&lt; h4&gt;&lt; ; font color =“FF0000”&gt;' 。 $ email。 '已经在系统中。&lt; / font&gt;&lt; / h4&gt;';
}其他{
$ sqlCommand =“INSERT INTO newsletter(name,email,dateTime)VALUES(?,?,NOW( ))“;
$ stmt = $ myConnection-&gt; prepare($ sqlCommand);
$ stmt = - &gt; bind_param('ss',$ name,$ email);
$ stmt-&gt; execute( );
$ msg_to_user ='&lt; br /&gt;&lt; br /&gt;&lt; h4&gt;&lt; font color =“0066FF”&gt;谢谢'。 $ name。 ',您已成功添加。&lt; / font&gt;&lt; / h4&gt;';
$ name =“”;
$ email =“”;
}
}
?&gt;
pre>
div>
答
You have this code:
$stmt=->bind_param('ss',$name,$email);
It should be this:
$stmt->bind_param('ss',$name,$email);
Further (unrelated) advice:
- Fix your SQL injection vulnerabilities by using parameterized queries. See How can I prevent SQL injection in PHP?
- Correctly and consistently indent your code to prevent unreadability.