我是PHP新手,出于安全原因,在将我的SQL查询转换为准备好的语句时遇到了一些麻烦。
我先前存在且有效的PHP查询写为:
$emailRowsResult = $db->query("SELECT COUNT(*) as count FROM user WHERE user.email = '$user_email';");
$emailRowsResultRows = $emailRowsResult->fetch();
$numEmailRowsResultRows = $emailRowsResultRows['count'];
if ($numEmailRowsResultRows > 0) {
$response->set_http_code(400);
$response->failure("Email already exists!");
log_to_console("Email already exists!");
return true;
}
我准备好的语句的代码版本如下:
$checkEmailRowsStatement = $db->prepare("SELECT COUNT(*) as count FROM user WHERE user.email = :email;");
$checkEmailRowsStatement->bindParam(':email', $user_email);
$emailRowsResult = $checkEmailRowsStatement->execute();
$emailRowsResultRows = $emailRowsResult->fetch();
$numEmailRowsResultRows = $emailRowsResultRows['count'];
if ($numEmailRowsResultRows > 0) {
$response->set_http_code(400);
$response->failure("Email already exists!");
log_to_console("Email already exists!");
return true;
}
运行我准备好的语句版本的代码时,我看到以下错误: PHP致命错误:未捕获错误:在bool上调用成员函数fetch()
堆栈跟踪: path \ server.php(42):注册(对象(请求),对象(响应),对象(PDO))