0

我不明白为什么这么简单的事情这么难。

现在,当我点击提交时,我得到了错误:

注意:未定义变量:第 6 行 C:\xampp\htdocs\DataHandling.php 中的 conn

致命错误:在第 6 行的 C:\xampp\htdocs\DataHandling.php 中的 null 上调用成员函数 prepare()

我的表格有效,代码:

<html>
<head>
    <title>Gym Form</title>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form action="DataHandling.php" method="post">

    <span>Gym Membership Registration</span><br><br>
    <Span>Title: </Span><input type ="text" Value =" " name ="Title" /><br>
    <Span>First Name: </Span><input type ="text" Value =" " name ="Fname" /><br>
    <Span>Last Name: </Span><input type ="text" Value =" " name ="Lname" /><br><br>
    <Span>Gender: </Span><select name ="Gender">
        <option value ="Junior">Male</option>
        <option value ="Adult">Female</option>
        <option value ="Senior">Private</option>
    </select><br>

    <Span>DOB: </Span><input type ="date" name ="DOB" /><br><br>
    <Span>MembershipExpiry: </Span> <input type ="date" name ="MemX" /><br>
    <Span>MembershipType: </Span><select name = "MemType">
        <option value ="Junior">Junior</option>
        <option value ="Adult">Adult</option>
        <option value ="Senior">Senior</option>
    </select><br><br>
    <Span>Email Address: </Span><input type ="email" name ="Email" /><br><br>

    <input type="Submit" name="submit" value ="Submit Form">

然后我收到一条很好的消息,告诉我与数据库的连接已确认,conn.php:

<?php


$hostname = 'localhost';
$username = 'root';
$password = '';
$dbName = 'gym';

try
{
    //Attempt connection passing in predefined connection variables.
    $conn = new PDO("mysql:host=$hostname;dbname=$dbName", $username, $password);
    echo ("Connected to Database Successfully. Welcome ".$username);
}
catch(PDOException $e)
{
    //Use exception E to return PDO/MySQL specific error messages
    echo $sql . "<br>" . $e->getMessage();
}



    </body>
</form>
</html>

?>

但是,我将数据从表单输入到准备好的数据库中度过了一段非常糟糕的时光。

我已经尝试过 Sqli,现在尝试了别的东西。

<?php


    //Prepare HTML insert statement binding parameters
    $stmt = $conn->prepare("INSERT INTO records (Title,Fname,Lname,Gender,DOB,MemX,MemType,Email) 
    VALUES ('$title', '$fname', '$lname', '$gender', '$dob', '$memx', '$memtype', '$email')");

        $stmt ->bindParam(':Title', $title);
        $stmt ->bindParam(':Fname', $fname);
        $stmt ->bindParam(':Lname', $lname);
        $stmt ->bindParam(':Gender', $gender);
        $stmt ->bindParam(':DOB', $dob);
        $stmt ->bindParam(':MemX', $memx);
        $stmt ->bindParam(':MemType', $memtype);
        $stmt ->bindParam(':Email', $email);

    //Attempt row insertion by executing prepared statement
    try
    {
        //Insert a row

        $title = $_POST['Title'];
        $fname = $_POST['Fname'];
        $lname = $_POST['Lname'];
        $gender = $_POST['Gender'];
        $dob = $_POST['DOB'];
        $memx = $_POST['MemX'];
        $memtype = $_POST['MemType'];
        $email = $_POST['Email'];

        $stmt->execute();
    }
    catch (PDOException $e)
    {
        echo $e->getMessage();
    }

    //Close Connection
    $conn = null;

?>
4

2 回答 2

1

这不是 PDO 准备好的语句的工作方式。这是一个例子:

$s = $conn->prepare('SELECT * FROM table WHERE column=:value');
$s->bindParam(':value', $value);

详情请参阅手册

于 2016-05-14T13:52:21.840 回答
1

如果您在 DataHandling.php 之上包含 conn.php ,则由于您正在设置

$conn = null在 conn.php 的末尾。

连接文件

<?php

$hostname = 'localhost';
$username = 'root';
$password = '';
$dbName = 'gym';

$conn = null;
try
{
    //Attempt connection passing in predefined connection variables.
    $conn = new PDO("mysql:host=$hostname;dbname=$dbName", $username, $password);
}
catch(PDOException $e)
{
    //Use exception E to return PDO/MySQL specific error messages
    echo $sql . "<br>" . $e->getMessage();
}

?>

DataHandling.php 你准备的语句也是错误的。

<?php
require_once 'conn.php';

//Prepare HTML insert statement binding parameters
$stmt = $conn->prepare("INSERT INTO records (Title,Fname,Lname,Gender,DOB,MemX,MemType,Email) 
VALUES (:Title, :Fname, :Lname, :Gender, :DOB, :MemX, :MemType, :Email)");

$title = $_POST['Title'];
$fname = $_POST['Fname'];
$lname = $_POST['Lname'];
$gender = $_POST['Gender'];
$dob = $_POST['DOB'];
$memx = $_POST['MemX'];
$memtype = $_POST['MemType'];
$email = $_POST['Email'];

//Attempt row insertion by executing prepared statement
try
{
    //Insert a row
    $stmt->bindParam(':Title', $title);
    $stmt->bindParam(':Fname', $fname);
    $stmt->bindParam(':Lname', $lname);
    $stmt->bindParam(':Gender', $gender);
    $stmt->bindParam(':DOB', $dob);
    $stmt->bindParam(':MemX', $memx);
    $stmt->bindParam(':MemType', $memtype);
    $stmt->bindParam(':Email', $email);

    $stmt->execute();
}
catch (PDOException $e)
{
    echo $e->getMessage();
}

//Close Connection
$conn = null;

?>
于 2016-05-14T13:58:33.587 回答