MySQLi - 将表值作为字符串而不是对象

时间:2017-02-26 03:28:20

标签: php mysql mysqli

我尝试使用php从我的用户 MySQL表中检索名称 userEmail 值: enter image description here

我使用以下代码尝试获取当前登录用户的名称 userEmail

<?php
session_start();
#connect to MySQL database
require_once("settings.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);

#get username of current session
$username = $_SESSION['username'];

#get userEmail of logged-in user from database
$sql = "SELECT userEmail from Users WHERE username LIKE '{$username}' LIMIT 1";
$result = $mysqli->query($sql);
$replyTo = mysqli_fetch_field($result);

#get name of logged-in user from database
$sql2 = "SELECT name from Users WHERE username LIKE '{$username}' LIMIT 1";
$result2 = $mysqli->query($sql2);
$name = mysqli_fetch_field($result2);
?>

然后我尝试将 $ replyTo $ name 值传递给只接受字符串的函数(来自PHPmailer的setFrom()函数是准确的):

$mail->setFrom($replyTo, $name);

...并收到以下错误:

警告:trim()要求参数1为字符串,对象 /var/www/phpmailer/class.phpmailer.php 中的对象 489 (此对象为$ replyTo)

可捕获的致命错误:类 /var/www/phpmailer/class.phpmailer.php 中的字符串 490 (此对象为$ name)

使用Chrome Logger进行调试,我发现这些值是 $ userEmail $ name 的值:

enter image description here

1 个答案:

答案 0 :(得分:2)

我认为您可以通过单一查询获取电子邮件和名称 - 出于安全原因(SQLIA)使用预准备语句

#get userEmail of logged-in user from database
$sql = "SELECT userEmail,name from Users WHERE username = ? LIMIT 1";
// this is prepared statement and prevent form sql injection attack
$statement = $mysqli->prepare($sql);
$statement->bind_param('s',$username);
$statement->execute();
$result = $statement->get_result();
// fetch first record in associative array
$userDetail = $result->fetch_assoc();
if($userDetail)
{
   $replyTo = $userDetail['userEmail'];
   $name = $uerDetail['name'];
   $mail->setFrom($replyTo, $name);
}
else
{
   echo 'user not found';
}