使用预准备语句从SQL表中选择SELECT *

时间:2016-04-20 01:09:35

标签: php mysql mysqli prepared-statement

我在MySQL表格中使用准备好的语句SELECT *,我不知道如何使用while($row = mysqli_fetch_array($stmt))循环并从结果数组中选择项目。这是我的代码,我做错了什么?

    $link = mysqli_connect($host, $username, $password, $db);
    $query = "SELECT * from `wp_posts` WHERE ID=? ";
    //$result = mysqli_query($link, $query);
    $stmt = mysqli_prepare($link, $query);
    if($stmt){
        mysqli_stmt_bind_param($stmt, "i", $pid);
        mysqli_stmt_bind_result($stmt, $dbpid);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_fetch($stmt);
    }
    while($row = mysqli_fetch_array($stmt)){
        ?>
    <h2 align="center"> <?php echo $row['post_title']; ?> </h2><br>
    <div class="paracenter">

        <p id="cont"><?php echo $row['post_content']; ?></p>
        <hr color="black" width="10%">

    </div>
    <?php } ?>

4 个答案:

答案 0 :(得分:6)

达尔文的答案没有错,但想要指出PDO作为一种替代方法,语法要轻得多:

<?php
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
];
$link = new PDO("mysql:host=$host;dbname=$db", $username, $password, $options);
$stmt = $link->prepare("SELECT * from `wp_posts` WHERE ID=?");
$stmt->execute([$pid]);
$result = $stmt->fetchAll();

// Now you have a plain array to work with, database work is over
foreach ($result as $row):
?>

<h2 style="text-align:center;margin:0 auto">
    <?=$row["post_title"]?>
</h2>
<br/>
<div class="paracenter">
    <p id="cont">
        <?=$row["post_content"]?>
    </p>
    <hr style="color:black;width:10%"/>
</div>

<?php endforeach;?>

根本不需要任何约束,我个人觉得使用它更容易。

答案 1 :(得分:6)

Dunno如果有人对这个已经回答和接受的问题的正确答案感兴趣,但是到底是什么。

要使用mysqli回答您的问题,您必须使用get_result()。

因此,适当的基于mysqli的解决方案将是

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = mysqli_connect($host, $username, $password, $db);
$query = "SELECT * from `wp_posts` WHERE ID=? ";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("i", $pid);
$stmt->execute();
$res = $stmt->get_result();
$data = $res->fetch_all();

然后你可以在foreach循环中使用$ data作为输出,如另一个答案所示。

对于PDO,正确的代码如下,并且它确实更轻。

$link = new PDO("mysql:host=$host;dbname=$db", $username, $password);
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $link->prepare("SELECT * from `wp_posts` WHERE ID=?");
$stmt->execute([$pid]);

然后you can use $stmt in the foreach loop输出,如另一个答案所示。

答案 2 :(得分:4)

您不能将bind_result()fetch_array()一起使用。您可以重复调用fetch(),将列读入与bind_result() 绑定的各个变量中 bind_result(),致电mysqli_smt_get_result()将结果提取到mysqli_result个对象,并重复调用mysqli_fetch_array()将该行加载到$row阵列。

由于您使用SELECT *,因此未绑定结果方法更符合逻辑。对于您的代码:

$link = mysqli_connect($host, $username, $password, $db);
$query = "SELECT * FROM wp_posts WHERE ID = ? ";
$stmt = mysqli_prepare($link, $query)
    or die("Unable to prepare statement: " . $link->error);

mysqli_stmt_bind_param($stmt, "i", $pid);
mysqli_stmt_execute($stmt)
    or die("Unable to execute query: " . $stmt->error);

$rslt = mysqli_stmt_get_result($stmt);

while($row = mysqli_fetch_array($rslt))
{
    ?>
<h2 align="center"> <?php echo $row['post_title']; ?> </h2><br>
<div class="paracenter">

    <p id="cont"><?php echo $row['post_content']; ?></p>
    <hr color="black" width="10%">

</div>
<?php } ?>

仅供比较,以下是{1}如何使用bind_result()(以及如何使用对象语法):

$link = new mysqli($host, $username, $password, $db);
$query = "SELECT post_title, post_content FROM wp_posts WHERE ID = ? ";

$stmt = $link->prepare($query);
    or die("Unable to prepare statement: " . $link->error);
$stmt->bind_param("i", $pid);
$stmt->execute()
    or die("Unable to execute query: " . $stmt->error);
$stmt->bind_result($postTitle, $postContent)
    or die("Unable to bind result: " . $stmt->error);

while($stmt->fetch()){
    ?>
<h2 align="center"> <?php echo $postTitle; ?> </h2><br>
<div class="paracenter">

    <p id="cont"><?php echo $postContent; ?></p>
    <hr color="black" width="10%">

</div>
<?php } ?>

请注意,使用bind_result()时,结果值将作为单个标量而不是数组返回,并且您需要将结果变量按顺序绑定到,以便您需要知道结果中的列。

希望有所帮助。

答案 3 :(得分:-1)

这是“准备好的选择语句”并回显结果的简单示例。

    if($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['uname']) && isset($_POST['pword'])) {

    $stmt = $conn->prepare("SELECT * FROM members WHERE username = ? && password = ?");// substitute '$conn' with whatever you named your database connection.
    $stmt->bind_param("ss", $username, $password);
    $username = $_POST['uname'];
    $password = $_POST['pword'];
    $stmt->execute();
    $result = $stmt->get_result();
    if ($result->num_rows ===0) exit('Not-A-Thing');
    while($row = $result->fetch_assoc()) { echo $row['id'] . "<br>" . $row['username']; }
    $stmt->close();

    }

这只是一个例子。如果您正在寻找如何绑定参数,那么您很可能已经知道“?”和“ ss”的含义。如果您以前曾查询过数据库,则无需解释。

相关问题
最新问题