2015-09-23 34 views
-2

Need help completing the conversion from mysql to mysqli. I want to convert a small file from mysql to mysqli. This is what I have so far, but it doesn't work. Can someone check it and see what's wrong?

```php
$mysqli = new mysqli("localhost", "some_name", "password", "some_db");

if ($mysqli->connect_errno) {
    printf("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}

session_start();
if(isset($_SESSION['userid'])){
    $user = mysqli_real_escape_string($mysqli, $_SESSION['userid']);

    // Retrieves variables through AJAX
    $favid = mysqli_real_escape_string($mysqli, $_GET['favid']);

    // Check if it is favored
    $query = $mysqli->prepare("SELECT * FROM favorites WHERE user='$user'");
    $query->execute();
    $query->store_result();
    $userows = $query->num_rows;

    $query = $mysqli->prepare("SELECT * FROM favorites WHERE user='$user' AND favid='$favid'");
    $query->execute();
    $query->store_result();
    $matches = $query->num_rows;

    // If it is favored, add
    if($matches == 0 && $userows < 30){
        $mysqli->prepare("INSERT INTO favorites (user, favid, exptime) VALUES ('$user', '$favid', CURRENT_TIMESTAMP)");

        echo "";
    }

    // If it is favored, delete
    if($matches != 0){
        $mysqli->prepare("DELETE FROM favorites WHERE user='$user' AND favid='$favid'");

        echo "";
    }

} else {

    echo "Invalid session!";

}
```

The original (mysql) code works fine. It's just that I don't have enough experience with mysqli.

+0

Your code may contain syntax errors. Please consult the following links, http://php.net/manual/en/mysqli.error.php and http://php.net/manual/en/function.error-reporting.php, and apply them to your code. –

+0

You are switching between procedural PHP and object-oriented PHP (you shouldn't) (`mysqli_real_escape_string`) – HPierce

+0

[Your script is at risk of SQL injection attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) –

Answer

0

Take a look at the docs:

```php
// Values are supplied through "?" placeholders and bound with bind_param()
// ('ss' = two string parameters); nothing from the request is spliced into the SQL text.
$stmt = $mysqli->prepare("INSERT INTO favorites (user, favid, exptime) VALUES (?, ?, CURRENT_TIMESTAMP)");
$stmt->bind_param('ss', $user, $favid);
$stmt->execute();
```

The same applies to the DELETE statement. You are trying to use prepared statements (which is good!), so you should use them as they are meant to be used: bind the params to placeholders instead of inserting them directly into the query string.

+0

So would the delete be like this? `$stmt = $mysqli->prepare("DELETE FROM ajaxfavourites WHERE user='$user' AND favid='$favid'"); $stmt->bind_params($user, $favid); $stmt->execute();` – VitalSigns

+1

@VitalSigns - not quite. See the two `?` in the SQL statement? Those are the placeholders, which are then filled in by `bind_param`. Your DELETE SQL should be along the lines of `DELETE FROM ajaxfavourites WHERE user=? AND favid=?` – andrewsi
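As an added example (not the asker's or the answerer's code), here is the whole favourite-toggle from the question rewritten so that every value coming from the session or the request is bound to a `?` placeholder, with `execute()` actually called on the INSERT and DELETE, and with the procedural/object-oriented mixing removed. It assumes the same `favorites (user, favid, exptime)` table and 30-favourite cap as the question, placeholder credentials, and PHP 7.1 or later; the function names are my own.

```php
<?php
// Added example, not code from the original post. Assumes a table
// favorites(user, favid, exptime) and placeholder database credentials.

// Make every mysqli failure (connect, prepare, execute) throw mysqli_sql_exception
// instead of silently returning false, so a broken statement cannot go unnoticed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Count a user's favourites, optionally restricted to one favid.
 * Both values travel as bound parameters, never inside the SQL text, so a
 * favid containing quotes is compared as literal data rather than parsed as SQL.
 */
function countFavorites(mysqli $db, string $user, ?string $favid = null): int
{
    if ($favid === null) {
        $stmt = $db->prepare("SELECT COUNT(*) FROM favorites WHERE user = ?");
        $stmt->bind_param('s', $user);
    } else {
        $stmt = $db->prepare("SELECT COUNT(*) FROM favorites WHERE user = ? AND favid = ?");
        $stmt->bind_param('ss', $user, $favid);
    }
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return (int) $count;
}

function addFavorite(mysqli $db, string $user, string $favid): void
{
    $stmt = $db->prepare(
        "INSERT INTO favorites (user, favid, exptime) VALUES (?, ?, CURRENT_TIMESTAMP)"
    );
    $stmt->bind_param('ss', $user, $favid);
    $stmt->execute();   // prepare() alone runs nothing; this is the step the question omitted
    $stmt->close();
}

function removeFavorite(mysqli $db, string $user, string $favid): void
{
    $stmt = $db->prepare("DELETE FROM favorites WHERE user = ? AND favid = ?");
    $stmt->bind_param('ss', $user, $favid);
    $stmt->execute();
    $stmt->close();
}

session_start();
if (!isset($_SESSION['userid'])) {
    echo "Invalid session!";
    exit();
}
$user  = (string) $_SESSION['userid'];
$favid = (string) ($_GET['favid'] ?? '');
if ($favid === '') {
    http_response_code(400);   // nothing to toggle without a favid
    exit();
}

try {
    $mysqli = new mysqli("localhost", "some_name", "password", "some_db"); // placeholder credentials

    if (countFavorites($mysqli, $user, $favid) > 0) {
        removeFavorite($mysqli, $user, $favid);          // already favoured: remove it
    } elseif (countFavorites($mysqli, $user) < 30) {
        addFavorite($mysqli, $user, $favid);             // not favoured and under the cap: add it
    }
} catch (mysqli_sql_exception $e) {
    // Log the real error server-side; the client only learns that the request failed.
    error_log("favorites toggle failed: " . $e->getMessage());
    http_response_code(500);
}
```

`mysqli_real_escape_string()` is no longer needed anywhere: once a value is bound with `bind_param()` the driver sends it separately from the statement, which is what makes the placeholder approach immune to the injection problem raised in the comments. Using `COUNT(*)` with `bind_result()` also avoids `store_result()` plus `num_rows` just to learn whether a row exists.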