有人可以向我解释为什么这不起作用.尝试按照每个人的建议转换为准备好的语句,但在开始时卡住了…连接正常并且它没有返回消息,但是没有进入我的表(称为nametable)

<?php
 $dbhost = "localhost";
 $dbuser = "root";
 $dbpass = "fidelio";
 $dbname = "test";
 $con = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
 if(mysqli_connect_errno()) {
 die("Database connection failed: " . 
     mysqli_connect_error() . 
     " (" . mysqli_connect_errno() . ")");
   }

$query = "INSERT INTO nametable (fname, lname) values (?,?)";
$stmt = mysqli_prepare($con, $query);
$firstName = "simon";
$lastName = "morris";
mysqli_stmt_bind_param($stmt,"ss",$firstname, $lastname);
mysqli_stmt_execute($stmt);
printf("Error: %s.\n", $stmt->error);
$stmt->close();
?>

我添加了最后两行,并且返回的错误是

Error: .

这工作得很好但准备好的陈述没有….任何人都知道为什么？

  $sql="INSERT INTO nametable (fname, lname)
  VALUES ('$firstName', '$lastName')";
   if (!mysqli_query($con,$sql))
{
   die('Error: ' . mysqli_error($con));
 }

最佳答案 试试这个

    $dbhost = "localhost";
    $dbuser = "root";
    $dbpass = "fidelio";
    $dbname = "test";

    $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);

     $firstName = "simon";
     $lastName = "morris";
          if ($stmtb = $mysqli->prepare("INSERT INTO nametable (fname, lname) values (?,?)")) {
              $stmtb->bind_param('ss',$firstName, $lastName); 
              $stmtb->execute(); 
           }else {printf("Prepared Statement Error: %s\n", $mysqli->error);}