Question

我收到通知：尝试在行if ($resCategory->num_rows > 0)中获取非对象的属性。我可以知道这里的错误是什么吗？

<?php
function categoryParentChildTree($parent = 'L1', $spacing = '', $category_tree_array = '') {
    global $MySQLi_CON;
    $parent = $MySQLi_CON->real_escape_string($parent);
    if (!is_array($category_tree_array))
        $category_tree_array = array();
    $sqlCategory = "SELECT * FROM users where enrolled_id = $parent ORDER BY enrolled_id ASC";
    $resCategory=$MySQLi_CON->query($sqlCategory);
    if ($resCategory->num_rows > 0) {
        while($rowCategories = $resCategory->fetch_assoc()) {
            $category_tree_array[] = array("id" => $rowCategories['enroller_id'], "name" => $spacing . $rowCategories['user_name']);
            $category_tree_array = categoryParentChildTree($rowCategories['enroller_id'], '&nbsp;&nbsp;&nbsp;&nbsp;'.$spacing . '-&nbsp;', $category_tree_array);
        }
    }
    return $category_tree_array;
}
?>

Answer 1

这意味着$resCategory不是对象。如果查询失败，结果query方法可能是对象（您期望的）或false。

似乎由于某种原因您的查询失败了。检查错误以获取更多详细信

对于mysqli，最后一个错误保存在$MySQLi_CON->error;

中

我可以看到你有SQL语法错误，它在$parent字符串周围缺少引号。

应该是：

$sqlCategory = "SELECT * FROM users where enrolled_id = '$parent' ORDER BY enrolled_id ASC";

Answer 2

你需要将TEXT参数包装在这样的单引号中，并且在反引号中包装表名和列名也是个好主意

您还应养成检查所有API调用状态的习惯，例如

$sqlCategory = "SELECT * FROM `users` where `enrolled_id` = '$parent' 
                ORDER BY `enrolled_id` ASC";
$resCategory=$MySQLi_CON->query($sqlCategory);
if ( !$resCategory ) {
    echo $MySQLi_CON->error;
    exit;
}

为了免受SQL注入攻击，您还应该使用准备好的参数化查询

$sqlCategory = "SELECT * FROM `users` where `enrolled_id` = ? 
                 ORDER BY `enrolled_id` ASC";

$stmt = $MySQLi_CON->prepare($sqlCategory);
if ( !$stmt ) {
    echo $MySQLi_CON->error;
    exit;
}

$MySQLi_CON->bind_param('s', $parent);
$status = $MySQLi_CON->execute();

if ( !$status ) {
    echo $MySQLi_CON->error;
    exit;
}

注意：尝试获取非对象的属性

2 个答案: