我收到通知:尝试在行if ($resCategory->num_rows > 0)
中获取非对象的属性。我可以知道这里的错误是什么吗?
<?php
function categoryParentChildTree($parent = 'L1', $spacing = '', $category_tree_array = '') {
global $MySQLi_CON;
$parent = $MySQLi_CON->real_escape_string($parent);
if (!is_array($category_tree_array))
$category_tree_array = array();
$sqlCategory = "SELECT * FROM users where enrolled_id = $parent ORDER BY enrolled_id ASC";
$resCategory=$MySQLi_CON->query($sqlCategory);
if ($resCategory->num_rows > 0) {
while($rowCategories = $resCategory->fetch_assoc()) {
$category_tree_array[] = array("id" => $rowCategories['enroller_id'], "name" => $spacing . $rowCategories['user_name']);
$category_tree_array = categoryParentChildTree($rowCategories['enroller_id'], ' '.$spacing . '- ', $category_tree_array);
}
}
return $category_tree_array;
}
?>
答案 0 :(得分:0)
这意味着$resCategory
不是对象。如果查询失败,结果query
方法可能是对象(您期望的)或false
。
似乎由于某种原因您的查询失败了。检查错误以获取更多详细信
对于mysqli,最后一个错误保存在$MySQLi_CON->error
;
我可以看到你有SQL语法错误,它在$parent
字符串周围缺少引号。
应该是:
$sqlCategory = "SELECT * FROM users where enrolled_id = '$parent' ORDER BY enrolled_id ASC";
答案 1 :(得分:0)
你需要将TEXT参数包装在这样的单引号中,并且在反引号中包装表名和列名也是个好主意
您还应养成检查所有API调用状态的习惯,例如
$sqlCategory = "SELECT * FROM `users` where `enrolled_id` = '$parent'
ORDER BY `enrolled_id` ASC";
$resCategory=$MySQLi_CON->query($sqlCategory);
if ( !$resCategory ) {
echo $MySQLi_CON->error;
exit;
}
为了免受SQL注入攻击,您还应该使用准备好的参数化查询
$sqlCategory = "SELECT * FROM `users` where `enrolled_id` = ?
ORDER BY `enrolled_id` ASC";
$stmt = $MySQLi_CON->prepare($sqlCategory);
if ( !$stmt ) {
echo $MySQLi_CON->error;
exit;
}
$MySQLi_CON->bind_param('s', $parent);
$status = $MySQLi_CON->execute();
if ( !$status ) {
echo $MySQLi_CON->error;
exit;
}