以前在即将被弃用的普通mysql函数中,我有:
// On first connect to database, create a user to hold data for users not logged in
if (mysql_num_rows(mysql_query("SELECT id FROM users WHERE id=1")) === 0) {
mysql_query("INSERT INTO users(id,username,email,password) VALUES(1,'anonymous','anonymous','" . password_hash("noidentity", PASSWORD_BCRYPT) . "')");
}
这就是我现在所做的,试图完成同样的事情:
// On first connect to database, create a user to hold data for users not logged in
$stmt = $db->prepare("SELECT id FROM users WHERE id = ?");
$stmt->execute(1);
$stmt->store_result();
if ($stmt->num_rows == 0) {
$stmt = $db->prepare("INSERT INTO users (id, username, email, password) VALUES (?, ?, ?, ?)");
$stmt->execute(1, 'anonymous', 'anonymous', password_hash("noidentity", PASSWORD_BCRYPT));
}
我一直收到错误“警告:mysqli_stmt :: execute()期望0个参数,1给出”看似它预期1,因为我有1个问号,但我显然做错了。
我是否正确地做了以下的事情?
$stmt = $db->prepare("UPDATE users SET wins = wins + 1 WHERE id = ?");
$stmt->execute($_SESSION["id"]);
怎么样:
$stmt = $db->prepare("SELECT id, username, password FROM users WHERE email = ?");
$stmt->execute($email);
$row = $stmt->fetch();
if (password_verify($password, $row["password"])) {
我在那里做到了吗?
我只是为了安全起见而试图掌握这些准备好的陈述并发现它有点困难。
答案 0 :(得分:2)
使用此代码,您必须使用bind_param来设置数据。
$stmt = $db->prepare("SELECT id FROM users WHERE id = ?");
$stmt->bind_param('i', 1);
$stmt->execute();