You are not checking the result of the call to new mysqli. If that fails, then $mysqliwill be null and not a valid object you can query against.

您没有检查调用的结果new mysqli。如果失败，$mysqli则将为 null 并且不是您可以查询的有效对象。

Also, by building SQL statements with outside variables, you are leaving yourself open to SQL injection attacks.Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. My site http://bobby-tables.com/phphas examples to get you started, and this questionhas many examples in detail.

此外，通过使用外部变量构建 SQL 语句，您将面临 SQL 注入攻击。此外，任何带有单引号的输入数据，例如“O'Malley”的名称，都会破坏您的 SQL 查询。请了解如何使用参数化查询（最好使用 PDO 模块）来保护您的 Web 应用程序。我的网站http://bobby-tables.com/php有一些例子可以帮助你入门，这个问题有很多详细的例子。

At the setout, you should call

在设置时，你应该打电话

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

This enables you don't have to check any return values, just put try { ... } catch { ... }blocks.

这使您不必检查任何返回值，只需放置try { ... } catch { ... }块即可。

try {

    if (
        !isset($_POST['name'])     ||
        !is_string($_POST['name']) ||
        $_POST['name'] === ''
    ) {
        throw new UnexpectedValueException('$_POST[\'name\'] is empty');
    }

    $mysqli = new mysqli($mHost, $mUser, $mPass, $db);
    $stmt = $mysqli->prepare("INSERT INTO `category` (`name`) VALUES (?)");
    $stmt->bind_param('s', $_POST['name']);
    $stmt->execute();

    echo 'Success';

} catch (Exception $e) {

    echo $e->getMessage();

}