运行准备好的语句（MySQL/PHP）

Question

这是我第一次使用预处理语句，并且遇到了问题。当我运行以下代码时，出现如下错误消息：

警告：mysqli_stmt_bind_param（）[function.mysqli-stmt-bind-param]：类型定义字符串中的元素数与绑定数不匹配变量in ...在线49

第49行是下面的mysqli_stmt_bind_param语句。似乎字符串的数量（“ssssss”）与该语句中正确的字符串数量相匹配，所以我有点不知所措。

<?php 

$var1 = $_POST['var1']; 
$var2 = $_POST['var2']; 
$var3 = $_POST['var3']; 
$var4 = $_POST['var4']; 
$var5 = $_POST['var5']; 
$var6 = $_POST['var6']; 

     if (!empty($var1)&&!empty($var2)&&!empty($var3) 
     &&isset($var4, $var5, $var6)); 

     require_once 'connect.inc.php'; 

     $query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6) 
     VALUES ('$var1','$var2','$var3','$var4','$var5', '$var6')"; 

     $stmt = mysqli_prepare($link, $query); 

     mysqli_stmt_bind_param($stmt, "ssssss", $var1, $var2, $var3, $var4, $var5, 
     $var6); 

     mysqli_stmt_execute($stmt); 

     if (mysqli_stmt_affected_rows($stmt)==1); 

     mysqli_stmt_close($stmt); 

     $result = mysqli_query($link, $query); 

     if ($result) { 
     echo 'Thank you for your submission.'; 
     }  
     else { 
      echo 'We were unable to process your information.'.mysqli_error($link).' 
      Please ensure all required fields were filled out.; 
      } 

     mysqli_close($link); 
?> 

任何帮助，非常感谢！谢谢！顺便说一句，我会得到'谢谢你的提交'。信息。

Answer 1

问题与格式不匹配，这是你没有参数绑定。参数应该使用?作为查询中的占位符;

$query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6) 
      VALUES ('$var1','$var2','$var3','$var4','$var5', '$var6')"; 

应该

$query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6) 
     VALUES (?, ?, ?, ?, ?, ?)"; // <-- six place holders for the parameters 

Answer 2

查询更改为：

$query = "INSERT INTO tablename (var1, var2, var3, var4, var5, var6) 
     VALUES (?,?,?,?,?, ?)"; 

要告诉你的绑定设置参数。