迁移到预准备语句

时间:2015-02-15 10:58:53

标签: php prepared-statement fetch

我知道有类似的主题,但他们没有帮助我,我想将我的代码迁移到准备好的语句,但我一直在收到错误或错误的答案。计划是获得这样的代码:

$sql = "SELECT * FROM our_videos ORDER BY datemade DESC LIMIT 10";
$query = mysqli_query($db_conx, $sql);
while($row = mysqli_fetch_array($query, MYSQL_ASSOC))
{
    $id             = $row["id"];
    $title          = $row["title"];
    $description    = $row["description"];
    echo "this is first row id".$id."";
}

对于这样的事情(我目前正在做的错误的例子):

$stmt = mysqli_prepare($db_conx, "SELECT id,title,description,champion FROM our_videos WHERE datemade BETWEEN NOW() - INTERVAL ? DAY AND NOW() AND LENGTH(champion) - LENGTH(REPLACE(champion, '$', '')) =? ORDER BY ? LIMIT 10");
$filter_date           = mysqli_real_escape_string($db_conx,$_POST['filter_by_date']);
$filter_arrangement    = mysqli_real_escape_string($db_conx,$_POST['filter_by_arrangement']);
$filter_champion_count = mysqli_real_escape_string($db_conx,$_POST['filter_by_champion_count']);
mysqli_stmt_bind_param($stmt, 'iis', $filter_date, $filter_champion_count, $filter_arrangement);
mysqli_stmt_execute($stmt);
while($data = mysqli_fetch_array($res, MYSQLI_ASSOC))
{
    echo 'My name is '.$data['id'].'and my email is <br/>';
}
$res = mysqli_stmt_bind_result($stmt, $single_id, $single_title, $single_description, $single_champion);

我尝试上面的示例时遇到此错误:

  

警告:mysqli_fetch_array()期望参数1为mysqli_result,   null中给出的   /home/troll4lol/domains/troll4lol.com/public_html/other_videos.php on   第12行

我对这整个准备好的陈述感到非常困惑,看起来它不会变得很难但是它......

2 个答案:

答案 0 :(得分:1)

根据文档中的示例对代码进行一些更改 http://php.net/manual/en/mysqli-stmt.bind-result.php

参数化查询的一个好处是我们不再(通常)需要转义数据,它已经为我们完成了:D

$sql = "SELECT id,title,description,champion
        FROM our_videos
        WHERE datemade BETWEEN NOW() - INTERVAL ? DAY AND NOW()
        AND LENGTH(champion) - LENGTH(REPLACE(champion, '$', '')) =?
        ORDER BY # // :(
        LIMIT 10";

$stmt = mysqli_prepare($db_conx, $sql);

mysqli_stmt_bind_param($stmt, 'iis', $_POST['filter_by_date'], $_POST['filter_by_champion_count'], $_POST['filter_by_arrangement']);

mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $single_id, $single_title, $single_description, $single_champion);

while (mysqli_stmt_fetch($stmt)) {
    echo $single_id . ' ' . $single_title . ' ' . $single_description . ' ' . $single_champion;
}

mysqli_stmt_close($stmt);

请注意悲伤的面孔,您只能将数据绑定到占位符。列/表名称是架构的一部分,不能绑定。

答案 1 :(得分:0)

您不应该使用mysqli_fetch_array,因为您在获取时使用mysqli_stmt_bind_result来设置变量。

mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $single_id, $single_title, $single_description, $single_champion);
while (mysqli_stmt_fetch($stmt)) {
    echo "My name is $single_id and my email is <br>";
}

请参阅documentation中的示例。