我想将下面的MySQL查询更改为MySQLi(预处理语句),但我不知道该怎么做,因为它有多行要选择。任何人都可以指出正确的方式。
$check_added_files = mysql_query("select * from `vpb_uploads` where `username` = '".mysql_real_escape_string($username)."' and `firstname` = '' and `image_one` != '' and `image_two` != '' and `image_three` != '' and `image_four` != '' and `image_five` != ''");
if(mysql_num_rows($check_added_files) == 1)
{
echo 'up_to_five_already';
}
答案 0 :(得分:2)
正确的方法是将其更改为PDO
$sql = "select * from vpb_uploads where username=? and firstname=''
and image_one != '' and image_two != '' and image_three != ''
and image_four != '' and image_five != ''";
$stm = $pdo->prepare($sql);
$stm->execute(array($username));
$files = $stm->fetchAll();
答案 1 :(得分:0)
Mysqli在经典的mysql api上提供了面向对象的接口。它还支持事务,准备Statement,多个语句。
您可以查看此http://www.php.net/manual/en/mysqli-result.fetch-object.php 如果要将行作为对象
获取如果您想将行作为关联数组获取,那么您可以查看http://www.php.net/manual/en/mysqli-result.fetch-assoc.php
答案 2 :(得分:-1)
这很简单,我不知道为什么每次提问时我都会投票。
$mysqli = new mysqli("localhost", "root", "", "database");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
$username = $_SERVER['REMOTE_ADDR'];
$stmt = $mysqli->prepare("select * from `vpb_uploads` where `username` = ? and `firstname` = '' and `image_one` != '' and `image_two` != '' and `image_three` != '' and `image_four` != '' and `image_five` != ''");
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
echo 'up_to_five_already';
}