所有这一步都是纠正和必要的吗?
store_result()和bind_result()togheter?
<?php
if (isset($_SESSION['userID'])) {
$userID = $_SESSION['userID'];
$stmt = $mysqli->prepare(
"SELECT usergroup, firstname FROM tbl_users WHERE userID = ? ");
$stmt->bind_param('i', $userID);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($usergroup, $firstname);
$stmt->fetch();
$_SESSION['usergroup'] = $usergroup;
$_SESSION['firstname'] = $firstname;
$stmt->close();
}
?>
答案 0 :(得分:2)
是。
但是程序员总是可以写一个函数来包装所有这些代码,并在一行中调用它
<?php
if (isset($_SESSION['userID'])) {
$sql = "SELECT usergroup, firstname FROM tbl_users WHERE userID = ?";
$_SESSION['user'] = $db->getRow($sql, $_SESSION['userID']);
}
然而,我不得不承认,编写一个基于mysqli的功能需要非凡的技能,这使得它对于大多数SO用户来说几乎是不可重写的。因此,最好切换到PDO,因为它需要比mysqli
少三倍的代码来处理预准备语句<?php
if (isset($_SESSION['userID'])) {
$stm = $pdo->prepare("SELECT usergroup, firstname FROM tbl_users WHERE userID = ?");
$stm->execute(array(isset($_SESSION['userID']));
$_SESSION['user'] = $stm->fetch();
}