迁移到准备好的语句
Migrating to prepared statements
我知道有与此类似的主题,但它们没有帮助我,我想将我的代码迁移到准备好的语句,但我不断收到错误或错误答案。计划是获得这样的代码:
$sql = "SELECT * FROM our_videos ORDER BY datemade DESC LIMIT 10";
$query = mysqli_query($db_conx, $sql);
while($row = mysqli_fetch_array($query, MYSQL_ASSOC))
{
$id = $row["id"];
$title = $row["title"];
$description = $row["description"];
echo "this is first row id".$id."";
}
对于这样的事情(这是我目前正在处理的错误示例):
$stmt = mysqli_prepare($db_conx, "SELECT id,title,description,champion FROM our_videos WHERE datemade BETWEEN NOW() - INTERVAL ? DAY AND NOW() AND LENGTH(champion) - LENGTH(REPLACE(champion, '$', '')) =? ORDER BY ? LIMIT 10");
$filter_date = mysqli_real_escape_string($db_conx,$_POST['filter_by_date']);
$filter_arrangement = mysqli_real_escape_string($db_conx,$_POST['filter_by_arrangement']);
$filter_champion_count = mysqli_real_escape_string($db_conx,$_POST['filter_by_champion_count']);
mysqli_stmt_bind_param($stmt, 'iis', $filter_date, $filter_champion_count, $filter_arrangement);
mysqli_stmt_execute($stmt);
while($data = mysqli_fetch_array($res, MYSQLI_ASSOC))
{
echo 'My name is '.$data['id'].'and my email is <br/>';
}
$res = mysqli_stmt_bind_result($stmt, $single_id, $single_title, $single_description, $single_champion);
我在尝试执行上面的示例时遇到此错误:
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result,
null given in
/home/troll4lol/domains/troll4lol.com/public_html/other_videos.php on
line 12
我对整个准备好的陈述真的很困惑,看起来并不难,但它...
您不应该使用 mysqli_fetch_array,因为您在获取时使用 mysqli_stmt_bind_result 来设置变量。
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $single_id, $single_title, $single_description, $single_champion);
while (mysqli_stmt_fetch($stmt)) {
echo "My name is $single_id and my email is <br>";
}
请参阅 documentation 中的示例。
根据文档中的示例对您的代码进行了一些更改
http://php.net/manual/en/mysqli-stmt.bind-result.php
参数化查询的一大优点是我们不再(通常)需要转义数据,它已经为我们完成了:D
$sql = "SELECT id,title,description,champion
FROM our_videos
WHERE datemade BETWEEN NOW() - INTERVAL ? DAY AND NOW()
AND LENGTH(champion) - LENGTH(REPLACE(champion, '$', '')) =?
ORDER BY # // :(
LIMIT 10";
$stmt = mysqli_prepare($db_conx, $sql);
mysqli_stmt_bind_param($stmt, 'iis', $_POST['filter_by_date'], $_POST['filter_by_champion_count'], $_POST['filter_by_arrangement']);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $single_id, $single_title, $single_description, $single_champion);
while (mysqli_stmt_fetch($stmt)) {
echo $single_id . ' ' . $single_title . ' ' . $single_description . ' ' . $single_champion;
}
mysqli_stmt_close($stmt);
注意那张悲伤的脸,你只能用占位符绑定数据。 Column/table 名称是架构的一部分,无法绑定。
我知道有与此类似的主题,但它们没有帮助我,我想将我的代码迁移到准备好的语句,但我不断收到错误或错误答案。计划是获得这样的代码:
$sql = "SELECT * FROM our_videos ORDER BY datemade DESC LIMIT 10";
$query = mysqli_query($db_conx, $sql);
while($row = mysqli_fetch_array($query, MYSQL_ASSOC))
{
$id = $row["id"];
$title = $row["title"];
$description = $row["description"];
echo "this is first row id".$id."";
}
对于这样的事情(这是我目前正在处理的错误示例):
$stmt = mysqli_prepare($db_conx, "SELECT id,title,description,champion FROM our_videos WHERE datemade BETWEEN NOW() - INTERVAL ? DAY AND NOW() AND LENGTH(champion) - LENGTH(REPLACE(champion, '$', '')) =? ORDER BY ? LIMIT 10");
$filter_date = mysqli_real_escape_string($db_conx,$_POST['filter_by_date']);
$filter_arrangement = mysqli_real_escape_string($db_conx,$_POST['filter_by_arrangement']);
$filter_champion_count = mysqli_real_escape_string($db_conx,$_POST['filter_by_champion_count']);
mysqli_stmt_bind_param($stmt, 'iis', $filter_date, $filter_champion_count, $filter_arrangement);
mysqli_stmt_execute($stmt);
while($data = mysqli_fetch_array($res, MYSQLI_ASSOC))
{
echo 'My name is '.$data['id'].'and my email is <br/>';
}
$res = mysqli_stmt_bind_result($stmt, $single_id, $single_title, $single_description, $single_champion);
我在尝试执行上面的示例时遇到此错误:
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in /home/troll4lol/domains/troll4lol.com/public_html/other_videos.php on line 12
我对整个准备好的陈述真的很困惑,看起来并不难,但它...
您不应该使用 mysqli_fetch_array,因为您在获取时使用 mysqli_stmt_bind_result 来设置变量。
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $single_id, $single_title, $single_description, $single_champion);
while (mysqli_stmt_fetch($stmt)) {
echo "My name is $single_id and my email is <br>";
}
请参阅 documentation 中的示例。
根据文档中的示例对您的代码进行了一些更改 http://php.net/manual/en/mysqli-stmt.bind-result.php
参数化查询的一大优点是我们不再(通常)需要转义数据,它已经为我们完成了:D
$sql = "SELECT id,title,description,champion
FROM our_videos
WHERE datemade BETWEEN NOW() - INTERVAL ? DAY AND NOW()
AND LENGTH(champion) - LENGTH(REPLACE(champion, '$', '')) =?
ORDER BY # // :(
LIMIT 10";
$stmt = mysqli_prepare($db_conx, $sql);
mysqli_stmt_bind_param($stmt, 'iis', $_POST['filter_by_date'], $_POST['filter_by_champion_count'], $_POST['filter_by_arrangement']);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $single_id, $single_title, $single_description, $single_champion);
while (mysqli_stmt_fetch($stmt)) {
echo $single_id . ' ' . $single_title . ' ' . $single_description . ' ' . $single_champion;
}
mysqli_stmt_close($stmt);
注意那张悲伤的脸,你只能用占位符绑定数据。 Column/table 名称是架构的一部分,无法绑定。