使用 PHP 准备好的语句检索 sql 数据库信息

Retrieving sql database information with PHP prepared statements

我想在 table 中找到用户名并获取完整的名字和姓氏,连接并绑定到一个变量($usernames)。这是一个较大的登录文件中的一段代码,其中定义了 $link 等,并且连接正常:

$param_username = "x";
$users_fname = $users_sname = "";
$sql = "SELECT users_fname, users_sname FROM users WHERE users_username = ?";
$stmt = mysqli_prepare($link, $sql);
mysqli_stmt_bind_param($stmt, "s", $param_username);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $users_fname, $users_sname);
$usernames = $users_fname . $users_sname;

$_SESSION["username"] = $usernames;
echo  $_SESSION["username"];

谁能发现我可能做错了什么?

正在执行的语句似乎 return row/columns 直接在数据库上 运行 时就好了,即:

SELECT users_fname, users_sname FROM users WHERE users_username = 'x';

在这一行之后:

mysqli_stmt_bind_result($stmt, $users_fname, $users_sname);

添加:

mysqli_stmt_fetch($stmt);

然后:

 $usernames = $users_fname . $users_sname;
 $_SESSION["username"] = $usernames;
 echo  $_SESSION["username"];

你永远不会从服务器上获取任何东西。您必须使用 get_result() 才能得到结果。

$param_username = "x";
$sql = "SELECT CONCAT(users_fname, users_sname) AS fullname FROM users WHERE users_username = ?";
$stmt = $link->prepare($sql);
$stmt->bind_param("s", $param_username);
$stmt->execute();
$data = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
$_SESSION["username"] = $data[0]['fullname'];

我不推荐使用bind_result(),但是如果你想使用这个函数,那么你可以通过以下方式来实现:

$param_username = "x";
$sql = "SELECT CONCAT(users_fname, users_sname) AS fullname FROM users WHERE users_username = ?";
$stmt = $link->prepare($sql);
$stmt->bind_param("s", $param_username);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($_SESSION["username"]);
$stmt->fetch(); // execute for each row if you have more than 1

使用 PDO 这会快得多。