manager_add.php页面<form id="form1" name="form1" method="post" action="Bll/addManager.php">
<table height="123" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="83" height="30" align="center">管理员名称:</td>
<td width="192">
<input id="name" name="name" type="text"> </td>
</tr>
<tr>
<td height="28" align="center">管理员密码:</td>
<td><input name="pwd" type="password" id="pwd"></td>
</tr>
<tr>
<td height="28" align="center">确认密码:</td>
<td><input name="pwd1" type="password" id="pwd1"></td>
</tr>
<tr>
<td height="37" align="center"> </td>
<td><input name="Button" type="button" class="btn_grey" value="保存" onClick="check(form1)">
<input name="Submit2" type="button" class="btn_grey" value="关闭" onClick="window.close();"></td>
</tr>
</table>
</form>之后提交到addManager.php<?php
include_once '../Model/Manager.php'; $managerName=$_POST['name'];
$passWord=$_POST['pwd']; $manager=new Manager();
$number=$manager->checkManagerByName($managerName);
if($number!=0){
echo '<script>alert("该管理员已存在,请重新输入!");window.close();</script>';
}else{
$manager=new Manager(); $manager->setManagerName($managerName);
$manager->setPassWord($passWord);
$bool=$manager->saveManager($manager);
if($bool==0){
echo '添加管理员失败!';
}else{
echo '<script>alert("添加管理员信息成功!");opener.location.reload();window.close();</script>';
}
}
?>manager.php类中的saveManager()方法和查询管理员的方法/**
* 添加管理员
* @param Manager $manager 管理员对象
* @return bool
*/
public function saveManager(Manager $manager) {
$link=$this->getConnectionDB();
try {
$query=sprintf('insert into manager (managerName,passWord) values ("%s","%s")',mysqli_real_escape_string($link,$manager->managerName),
mysqli_real_escape_string($link,$manager->passWord));
$bool=mysqli_query($link,$query);
} catch (Exception $e) {
echo $e->getTraceAsString();
echo mysqli_errno();
echo mysqli_error();
echo '添加管理员信息失败!';
}
mysqli_close($link);
return $bool;
}/**
* 根据名字,查询管理员信息
* @param string $name 管理员名字
* @return int
*/
public function checkManagerByName($name) {
$link=$this->getConnectionDB();
try {
$query=sprintf('select * from manager where managerName="%s"', mysqli_real_escape_string($link,$name));
$result=mysqli_query($link,$query);
$count=mysqli_num_rows($result);
} catch (Exception $e) {
echo $e->getTraceAsString();
echo mysqli_errno();
echo mysqli_error();
echo '根据名字,查询单个管理员信息失败!';
}
mysqli_free_result($result);
mysqli_close($link);
return $count;
}问题:当我在manager_add.php页,输入名字和密码后提交,如果管理员名字存在,就会弹出提示框;当添加一个不存在的名字时,
会报错,Warning: mysqli_real_escape_string(): Couldn't fetch mysqli in D:\PHPProjects\BookLibrary\Model\Manager.php on line 60 Call Stack: 1.0063 339840 1. {main}(),也就是这里$query=sprintf('insert into manager (managerName,passWord) values ("%s","%s")',mysqli_real_escape_string($link,$manager->managerName),
mysqli_real_escape_string($link,$manager->passWord));报错.请大侠看看问题处在哪里?谢谢!
数据库已连通,而且 saveManager(Manager $manager)中的$manager参数的值也有
<table height="123" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="83" height="30" align="center">管理员名称:</td>
<td width="192">
<input id="name" name="name" type="text"> </td>
</tr>
<tr>
<td height="28" align="center">管理员密码:</td>
<td><input name="pwd" type="password" id="pwd"></td>
</tr>
<tr>
<td height="28" align="center">确认密码:</td>
<td><input name="pwd1" type="password" id="pwd1"></td>
</tr>
<tr>
<td height="37" align="center"> </td>
<td><input name="Button" type="button" class="btn_grey" value="保存" onClick="check(form1)">
<input name="Submit2" type="button" class="btn_grey" value="关闭" onClick="window.close();"></td>
</tr>
</table>
</form>之后提交到addManager.php<?php
include_once '../Model/Manager.php'; $managerName=$_POST['name'];
$passWord=$_POST['pwd']; $manager=new Manager();
$number=$manager->checkManagerByName($managerName);
if($number!=0){
echo '<script>alert("该管理员已存在,请重新输入!");window.close();</script>';
}else{
$manager=new Manager(); $manager->setManagerName($managerName);
$manager->setPassWord($passWord);
$bool=$manager->saveManager($manager);
if($bool==0){
echo '添加管理员失败!';
}else{
echo '<script>alert("添加管理员信息成功!");opener.location.reload();window.close();</script>';
}
}
?>manager.php类中的saveManager()方法和查询管理员的方法/**
* 添加管理员
* @param Manager $manager 管理员对象
* @return bool
*/
public function saveManager(Manager $manager) {
$link=$this->getConnectionDB();
try {
$query=sprintf('insert into manager (managerName,passWord) values ("%s","%s")',mysqli_real_escape_string($link,$manager->managerName),
mysqli_real_escape_string($link,$manager->passWord));
$bool=mysqli_query($link,$query);
} catch (Exception $e) {
echo $e->getTraceAsString();
echo mysqli_errno();
echo mysqli_error();
echo '添加管理员信息失败!';
}
mysqli_close($link);
return $bool;
}/**
* 根据名字,查询管理员信息
* @param string $name 管理员名字
* @return int
*/
public function checkManagerByName($name) {
$link=$this->getConnectionDB();
try {
$query=sprintf('select * from manager where managerName="%s"', mysqli_real_escape_string($link,$name));
$result=mysqli_query($link,$query);
$count=mysqli_num_rows($result);
} catch (Exception $e) {
echo $e->getTraceAsString();
echo mysqli_errno();
echo mysqli_error();
echo '根据名字,查询单个管理员信息失败!';
}
mysqli_free_result($result);
mysqli_close($link);
return $count;
}问题:当我在manager_add.php页,输入名字和密码后提交,如果管理员名字存在,就会弹出提示框;当添加一个不存在的名字时,
会报错,Warning: mysqli_real_escape_string(): Couldn't fetch mysqli in D:\PHPProjects\BookLibrary\Model\Manager.php on line 60 Call Stack: 1.0063 339840 1. {main}(),也就是这里$query=sprintf('insert into manager (managerName,passWord) values ("%s","%s")',mysqli_real_escape_string($link,$manager->managerName),
mysqli_real_escape_string($link,$manager->passWord));报错.请大侠看看问题处在哪里?谢谢!
数据库已连通,而且 saveManager(Manager $manager)中的$manager参数的值也有
mysqli_real_escape_string($link,$manager->passWord));
的这个错误最可能的原因就是$link返回了一个无效的数据库连接资源,因为mysqli_real_escape_string这个函数必须要在一个有效的数据库连接下并且连通才能进行过滤操作,建议检查一下数据库连接是否有效
mysqli_real_escape_string
(PHP 5)mysqli::real_escape_string -- mysqli_real_escape_string — Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection说明
面向对象风格string mysqli::escape_string ( string $escapestr )
string mysqli::real_escape_string ( string $escapestr )
过程化风格string mysqli_real_escape_string ( mysqli $link , string $escapestr )
This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection. 参数link
仅以过程化样式:由 mysqli_connect() 或 mysqli_init() 返回的链接标识。escapestr
The string to be escaped. Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z.
返回值
Returns an escaped string. 范例
Example #1 mysqli::real_escape_string() example面向对象风格<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}$mysqli->query("CREATE TEMPORARY TABLE myCity LIKE City");$city = "'s Hertogenbosch";/* this query will fail, cause we didn't escape $city */
if (!$mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
printf("Error: %s\n", $mysqli->sqlstate);
}$city = $mysqli->real_escape_string($city);/* this query with escaped $city will work */
if ($mysqli->query("INSERT into myCity (Name) VALUES ('$city')")) {
printf("%d Row inserted.\n", $mysqli->affected_rows);
}$mysqli->close();
?>
过程化风格<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}mysqli_query($link, "CREATE TEMPORARY TABLE myCity LIKE City");$city = "'s Hertogenbosch";/* this query will fail, cause we didn't escape $city */
if (!mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("Error: %s\n", mysqli_sqlstate($link));
}$city = mysqli_real_escape_string($link, $city);/* this query with escaped $city will work */
if (mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")) {
printf("%d Row inserted.\n", mysqli_affected_rows($link));
}mysqli_close($link);
?>
以上例程会输出:Error: 42000
1 Row inserted.