隐藏错误-防止MySQL注入

Question

我收到以下错误

Fatal error: Uncaught Error: Call to a member function bind_param() on boolean in /opt/lampp/htdocs/magic/client/edit-client.php:102 Stack trace: #0 {main} thrown in /opt/lampp/htdocs/magic/client/edit-client.php on line 102

请参阅下面第102行及其周围的代码

 $stmt = $link->prepare("UPDATE users SET password = ?, notes = ?, url = ?, services = ?, status = ?, invoice = ?, pin = ?, agent_notes = ?, email = ?, phone = ?, WHERE id = ?");
  $stmt->bind_param("ssssssissii", trim($_POST['password']), trim($_POST['notes']), trim($_POST['url']), trim($_POST['services']), trim($_POST['status']), trim($_POST['invoice']), trim($_POST['pin']), trim($_POST['agent_notes']), trim($_POST['email']), trim($_POST['phone']), $_SESSION['client_id']);

我不想撒谎，整个$stmt->bind_param("ssssssissii"也让我困惑，我得到了字符串和整数，但我不确定我是否正确地假设了这一点：

如果输入包含文本和数字，那么如果它是只包含数字，那么它应该是s，那么它应该是i -这不是正确的吗？

谢谢你提前提供帮助。

Answer 1

phone = ?, <尾随逗号不应该在那里。

谢谢@FunkFortyNinefor的回答。