
I'm using the bind_param() member function in a query, but my code throws an error. This is part of my code:

<?php

session_start();
include_once 'functions.php';
loging(basename(__FILE__));
if (!isset($_SESSION['user'])) {
    redirect('login.php');
}

$day_id = date('w');

$database = new mysqli('127.0.0.1', 'user', 'user', 'kantin');
$sesi = $_POST['sesi'];
$lauk = $_POST['lauk'];
$sayur = $_POST['sayur'];
$minuman = $_POST['minuman'];
$user = $_SESSION['username'];

$query_user = "SELECT * FROM user WHERE username LIKE '" . $user . "'";
$statement_user = $database->query($query_user);
$row_user = $statement_user->fetch_assoc();
$id_user = $row_user['user_id'];

$query_sesi = "SELECT * FROM sesi WHERE sesi LIKE '" . $sesi . "'";
$statement_sesi = $database->query($query_sesi);
$row_sesi = $statement_sesi->fetch_assoc();
$id_sesi = $row_sesi['sesi_id'];

$query_alt_id = "SELECT * FROM alternatif WHERE id_hari='" . $day_id . "' AND id_sesi= '" . $id_sesi . "' AND lauk_alt LIKE '" . $lauk . "'";
$statement_alt_id = $database->query($query_alt_id);
while ($row_alt_id = $statement_alt_id->fetch_assoc()) {
    $id_alt = $row_alt_id['alternatif_id'];
    $id_menu = $row_alt_id['lauk_alt'];
    $id_hari = $row_alt_id['id_hari'];
    $id_sesi = $row_alt_id['id_sesi'];
}

$query_insert = "INSERT INTO update (`id_menu_alt`, `id_user`, `id_hari`, `id_sesi`) VALUES (?,?,?,?)";
$statement_insert = $database->prepare($query_insert); // returns false when the SQL is rejected
$statement_insert->bind_param('iiii', $id_alt, $id_user, $id_hari, $id_sesi); // the line that fails
$statement_insert->execute();


redirect('today_menu.php');
?>

When I run the code, I get the following error:

Fatal error: Call to a member function bind_param() on a non-object in C:\xampp\htdocs\IBAD\Kantin_Pakoper\change_alternatif_process.php on line 40


You're getting an error from the call to prepare(), so it's returning false instead of a mysqli_stmt. To see the MySQL error message, do:

$statement_insert = $database->prepare($query_insert) or die($database->error);

In this case, the problem is that update is a MySQL reserved word. To use it as a table name, you need to put it in backticks:

$query_insert = "INSERT INTO `update` (`id_menu_alt`, `id_user`, `id_hari`, `id_sesi`) VALUES (?,?,?,?)";

I find it strange that you put all the column names in backticks, even though they don't need it, but you didn't put the table name in backticks.

Also, why aren't you using prepared statements for all the other queries? If you don't use bind_param(), you need to escape the strings before concatenating them into the queries.

answered 2014-10-25T07:28:31.090
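The two points raised in the answer (check what prepare() returns, and bind every user-supplied value instead of concatenating it) applied to the asker's whole flow. This is an added example, not the asker's or the answerer's code: it keeps the table and column names from the question, assumes the same functions.php helpers (loging(), redirect()), assumes the mysqlnd driver so that mysqli_stmt::get_result() is available, and replaces the LIKE comparisons with `=` on the assumption that an exact match was intended (a bound value can also be used with LIKE, but then `%` and `_` in the input act as wildcards).

```php
<?php
// Added example (not the asker's code nor the answerer's): the same flow as the
// question, rewritten so every query is a prepared statement and every
// prepare()/bind_param()/execute() result is checked. Table and column names
// come from the question; the credentials are the question's placeholders.
session_start();
include_once 'functions.php';          // assumed to provide loging() and redirect(), as in the question
loging(basename(__FILE__));
if (!isset($_SESSION['user'])) {
    redirect('login.php');
}

$day_id = (int) date('w');

$database = new mysqli('127.0.0.1', 'user', 'user', 'kantin');
if ($database->connect_error) {
    die('Connect failed: ' . $database->connect_error);
}

// Helper: prepare, bind, execute, and surface the MySQL error text when any
// step fails. prepare() returns false (not an object) on failure, which is
// exactly what produced the "bind_param() on a non-object" fatal error.
function run_query(mysqli $db, string $sql, string $types = '', ...$params): mysqli_stmt
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        die('prepare() failed: ' . $db->error . ' -- SQL: ' . $sql);
    }
    if ($types !== '' && !$stmt->bind_param($types, ...$params)) {
        die('bind_param() failed: ' . $stmt->error);
    }
    if (!$stmt->execute()) {
        die('execute() failed: ' . $stmt->error);
    }
    return $stmt;
}

$sesi = $_POST['sesi'] ?? '';
$lauk = $_POST['lauk'] ?? '';
$user = $_SESSION['username'] ?? '';

// User lookup: the value is bound, never concatenated, so quotes or SQL in the
// username cannot change the structure of the query.
$stmt = run_query($database, 'SELECT user_id FROM user WHERE username = ?', 's', $user);
$row_user = $stmt->get_result()->fetch_assoc();
$stmt->close();
if ($row_user === null) {
    die('Unknown user');
}
$id_user = (int) $row_user['user_id'];

$stmt = run_query($database, 'SELECT sesi_id FROM sesi WHERE sesi = ?', 's', $sesi);
$row_sesi = $stmt->get_result()->fetch_assoc();
$stmt->close();
if ($row_sesi === null) {
    die('Unknown session');
}
$id_sesi = (int) $row_sesi['sesi_id'];

// Integer columns are bound as 'i'; the question's code quoted them as strings.
$stmt = run_query(
    $database,
    'SELECT alternatif_id, id_hari, id_sesi FROM alternatif WHERE id_hari = ? AND id_sesi = ? AND lauk_alt = ?',
    'iis', $day_id, $id_sesi, $lauk
);
$row_alt = $stmt->get_result()->fetch_assoc();
$stmt->close();
if ($row_alt === null) {
    die('No matching alternative');   // the original loop silently left $id_alt undefined here
}
$id_alt  = (int) $row_alt['alternatif_id'];
$id_hari = (int) $row_alt['id_hari'];

// `update` is a reserved word, so the table name must be quoted with backticks.
$stmt = run_query(
    $database,
    'INSERT INTO `update` (`id_menu_alt`, `id_user`, `id_hari`, `id_sesi`) VALUES (?, ?, ?, ?)',
    'iiii', $id_alt, $id_user, $id_hari, $id_sesi
);
$stmt->close();

redirect('today_menu.php');
```

Dropping the backticks around `update` in the INSERT makes run_query() stop with the MySQL syntax error from `$db->error`, which is the message the asker never saw. The die() calls are there to make failures visible while developing; in a deployed application the database error text belongs in the server log, with the user shown only a generic message. Calling `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT)` once at the top is an alternative that turns every failed mysqli call into a thrown mysqli_sql_exception, so the explicit `=== false` checks are not needed.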