准备好的陈述

时间:2013-03-29 05:01:50

标签: php mysql mysqli

我正在尝试将下面的mysql更改为mysqli(准备好的语句),但我遇到了问题。

问题: Warning: mysqli_stmt ::bind_result(): Number of bind variables doesn't match number of fields in prepared statement此错误发生在$ get_empty_field = $ ok-> bind_result($ username,$ firstname,$ lastname);线。我没有完成转换,我只是做了我能做的事情并将其余部分保留原样。(我不是在混合mysql和mysqli)

Mysql查询

$check_added_files = mysql_query("select * from `vpb_uploads` where `username` = '".mysql_real_escape_string($username)."' and `firstname` = '' and `image_one` != '' and `image_two` != '' and `image_three` != '' and `image_four` != '' and `image_five` != ''");
                    if(mysql_num_rows($check_added_files) == 1)
                    {
                    echo 'up_to_five_already';
                    }
                    else
                    {
                    if (move_uploaded_file($_FILES['file_to_upload']['tmp_name'], $final_uploads_location)) 
                    {
                    $check_empty_field = mysql_query("select * from `vpb_uploads` where `username` = '".mysql_real_escape_string(strip_tags($username))."'  and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");
                    if(mysql_num_rows($check_empty_field) < 1)
                    {
                    mysql_query("insert into `vpb_uploads` values('', '".mysql_real_escape_string($username)."', '', '', '".mysql_real_escape_string($random_name_generated)."', '', '', '', '', '".mysql_real_escape_string(date("d-m-Y"))."')");

                    $identity = "image_one";
                    }
                    else
                    {
                    $get_empty_field = mysql_fetch_array($check_empty_field);
                    $image_one = strip_tags($get_empty_field["image_one"]);
                    $image_two = strip_tags($get_empty_field["image_two"]);
                    $image_three = strip_tags($get_empty_field["image_three"]);
                    $image_four = strip_tags($get_empty_field["image_four"]);
                    $image_five = strip_tags($get_empty_field["image_five"]);
                    global $identity;

                    if(empty($image_one))
                    {
                        mysql_query("update `vpb_uploads` set `image_one` = '".mysql_real_escape_string($random_name_generated)."' where `username` = '".mysql_real_escape_string(strip_tags($username))."' and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");

                        $identity = "image_one";

                    }
                    elseif(empty($image_two))
                    {
                        mysql_query("update `vpb_uploads` set `image_two` = '".mysql_real_escape_string($random_name_generated)."' where `username` = '".mysql_real_escape_string(strip_tags($username))."' and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");

                        $identity = "image_two";
                    }
                    elseif(empty($image_three))
                    {
                        mysql_query("update `vpb_uploads` set `image_three` = '".mysql_real_escape_string($random_name_generated)."' where `username` = '".mysql_real_escape_string(strip_tags($username))."' and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");

                        $identity = "image_three";
                    }
                    elseif(empty($image_four))
                    {
                        mysql_query("update `vpb_uploads` set `image_four` = '".mysql_real_escape_string($random_name_generated)."' where `username` = '".mysql_real_escape_string(strip_tags($username))."' and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");

                        $identity = "image_four";
                    }
                    elseif(empty($image_five))
                    {
                        mysql_query("update `vpb_uploads` set `image_five` = '".mysql_real_escape_string($random_name_generated)."' where `username` = '".mysql_real_escape_string(strip_tags($username))."' and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");

                        $identity = "image_five";
                    }

我有多远:

$mysqli = new mysqli("localhost", "root", "", "newlogin");
                if ($mysqli->connect_errno) {
                echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
                }


                $stmt = $mysqli->prepare("select * from `vpb_uploads` where `username` = ? and `firstname` = '' and `image_one` != '' and `image_two` != '' and `image_three` != '' and `image_four` != '' and `image_five` != ''");
                $stmt->bind_param('s', $username);
                $stmt->execute();
                $stmt->store_result();

                if ($stmt->num_rows == 1) {

                echo 'up_to_five_already';
                }


                else
                {
                if (move_uploaded_file($_FILES['file_to_upload']['tmp_name'], $final_uploads_location)) 
                {
                $firstname = "''";
                $lastname = "''";
                $stmt = $mysqli->prepare("select * from `vpb_uploads` where `username` = ?  and `firstname` = ? and `lastname` = ?");
                $stmt->bind_param('sss', $username, $firstname, $lastname);
                $stmt->execute();
                $stmt->store_result();
                if ($stmt->num_rows < 1)

                {
                $date = 'date("d-m-Y")';
                $image_2 = "''";
                $image_3 = "''";
                $image_4 = "''";
                $image_5 = "''";
                $stmt = $mysqli->prepare("insert into `vpb_uploads` (`username`, `firstname`, `lastname`, `image_one`, `image_two`, `image_three`, `image_four`, `image_five`, `date`) values(?,?,?,?,?,?,?,?,?)");
                $stmt->bind_param('sssssssss',  $username, $firstname, $lastname, $random_name_generated, $image_2, $image_3, $image_4, $image_5, $date);
                $stmt->execute();


                $identity = "image_one";
                }
                else
                {

                $get_empty_field = $stmt->bind_result($username, $firstname, $lastname);
                $image_one = strip_tags($get_empty_field["image_one"]);
                $image_two = strip_tags($get_empty_field["image_two"]);
                $image_three = strip_tags($get_empty_field["image_three"]);
                $image_four = strip_tags($get_empty_field["image_four"]);
                $image_five = strip_tags($get_empty_field["image_five"]);
                global $identity;

               if(empty($image_one))
                    {
                $stmt = $mysqli->prepare("update `vpb_uploads` set `image_one` = ? where `username` = ? and `firstname` = ? and `lastname` = ? ");
                $stmt->bind_param('ssss', $random_name_generated, $username, $firstname, $lastname);    
                $stmt->execute();
                $stmt->close();

                $identity = "image_one";

                }
                elseif(empty($image_two))
                {
                mysql_query("update `vpb_uploads` set `image_two` = '".mysql_real_escape_string($random_name_generated)."' where `username` = '".mysql_real_escape_string(strip_tags($username))."' and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");

                $identity = "image_two";
                }
                elseif(empty($image_three))
                {
                mysql_query("update `vpb_uploads` set `image_three` = '".mysql_real_escape_string($random_name_generated)."' where `username` = '".mysql_real_escape_string(strip_tags($username))."' and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");

                $identity = "image_three";
                }
                elseif(empty($image_four))
                {
                mysql_query("update `vpb_uploads` set `image_four` = '".mysql_real_escape_string($random_name_generated)."' where `username` = '".mysql_real_escape_string(strip_tags($username))."' and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");

                $identity = "image_four";
                }
                elseif(empty($image_five))
                {
                mysql_query("update `vpb_uploads` set `image_five` = '".mysql_real_escape_string($random_name_generated)."' where `username` = '".mysql_real_escape_string(strip_tags($username))."' and `firstname` = '".mysql_real_escape_string("")."' and `lastname` = '".mysql_real_escape_string("")."'");

                $identity = "image_five";
                }

2 个答案:

答案 0 :(得分:1)

As I told you before,你必须改为PDO,而不是mysqli。 当然,只是复制代码就没有用了。您至少需要先连接到PDO。我提供了一个指向PDO标记wiki的链接,其中包含要复制的完整连接代码。另外,除了复制代码之外,您需要花费一些精力使其工作 - 至少通过调整数据库设置。

通常,您在此处获得的代码并非打算开箱即用。他们是给你一个想法,让你学习。这是非常重要的事情 - 您需要从答案中学习,以便能够自己完成下一个类似的工作。如果您只是复制并粘贴代码,那么您将要求Stack Overflow重写所有应用程序。请从答案中学习,并尝试运用你所掌握的知识。

答案 1 :(得分:0)

您需要更改SELECT声明:

$stmt = $mysqli->prepare("select `username`,`firstname`,`lastname` from `vpb_uploads` where `username` = ?  and `firstname` = ? and `lastname` = ?");

您需要修改变量名称:

$get_empty_field = $stmt->bind_result($username, $firstname, $lastname);