php bind_param 语句无效

php bind_param statement not working

我正在尝试注册表格以防止 SQL 注入,但最终出现致命错误:-

( Call to undefined method mysqli_stmt::bind_parm()),

你们能帮我看看为什么我会收到这个致命错误吗?我还想知道我的编码是否受到黑客攻击。

这是连接文件

<?php
define('HOST','localhost');
define('USER','root');
define('PASSWORD_HOST','');
define('DATABASE','ubhs');

if(defined('HOST') && defined('USER') && defined('PASSWORD_HOST') && defined('DATABASE')){
    $conn = mysqli_connect(HOST, USER, PASSWORD_HOST, DATABASE);


}else{
    die(connection_failed.mysqli_connection_error());
}

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

?>

这里是 php 文件的一部分

    $st_f_name_err1 = "";
    $st_f_name_err2 = "";
    $st_l_name_err1 = "";
    $st_l_name_err2 = "";
    $st_f_name = $_POST['st_f_name'];
    $st_l_name = $_POST['st_l_name'];
    $userinput = true; //trigger

if(isset($_POST['st_submit'])){

    if(empty($st_f_name)){
        $st_f_name_err1 = "You have to provide first Name";
        $userinput = false;
    }
    if (!preg_match("/^[a-zA-Z ]*$/",$st_f_name)){
        $st_f_name_err2 = "You can't provide numeric value in name field";
        $userinput = false;
    }else{
        $st_f_name = test_input($st_f_name);
    }if(empty($st_l_name)){
        $st_l_name_err1 = "You have to provide last Name";
        $userinput = false;
    }
    if (!preg_match("/^[a-zA-Z ]*$/",$st_l_name)){
        $st_l_name_err2 = "You can't provide numeric value in name field";
        $userinput = false;
    }else{
        $st_l_name = test_input($st_l_name);
    }
if($userinput==true)
            {

            $stmt = $conn->prepare("INSERT INTO student_info (st_f_name,st_l_name,st_class,st_dob) VALUES(?,?,?,?)");
            $stmt->bind_parm("sssi",$st_f_name,$st_l_name, $st_class,$st_dob);  
            $stmt->execute();
}
}

我假设你有两个文件(所以代码改进以及 TYPO 指示):-

<?php    
include_once('connection.php'); // include your connection file or put your code directly here

$st_err = array(); // take error array
$st_f_name = '';
$st_l_name = '';

if(!empty($_POST['st_f_name']) && !empty($_POST['st_l_name'])){ // check with posted values not with button name
    $st_f_name = $_POST['st_f_name']; // assign values to variable
    $st_l_name = $_POST['st_l_name'];
    if (!preg_match("/^[a-zA-Z ]*$/",$st_f_name)){
        $st_err[] = "You can't provide numeric value in first name field"; // assign error to error array
    }else{
        $st_f_name = test_input($st_f_name);
    }
    if (!preg_match("/^[a-zA-Z ]*$/",$st_l_name)){
        $st_err[] = "You can't provide numeric value in last name field";// assign error to error array
    }else{
        $st_l_name = test_input($st_l_name);
    }
}else{
    $st_err[] = "your need to provide both first name and last name";// assign error to error array
}
if(count($st_err)>0){ // now check if error array have some value
    $error_string = "<ul>" // create a string of ul li to show all errors
    foreach ($st_err as $st_er){  
         $error_string .= "<li>".$st_er."</li>"; // append all errors
    }
    $error_string .= "</ul>";  
    die($error_string); // show errors and stop execution
}else{ // if no error is there
    $stmt = $conn->prepare("INSERT INTO student_info (st_f_name,st_l_name,st_class,st_dob) VALUES(?,?,?,?)");
    $stmt->bind_param("sssi",$st_f_name,$st_l_name, $st_class,$st_dob);  // TYPO HERE a is missed in param
    $stmt->execute();
}