2012-03-09 61 views
4

How to use mysqli prepared statements in PHP?

I am trying out prepared statements, but the code below is not working. I am getting the error:

Fatal error: Call to a member function execute() on a non-object in /var/www/prepared.php on line 12

<?php 

    $mysqli = new mysqli("localhost", "root", "root", "test"); 
    if ($mysqli->connect_errno) { 
        echo "Failed to connect to MySQL: " . $mysqli->connect_error; 
    } 

    $stmt = $mysqli->prepare("INSERT INTO users (name, age) VALUES (?,?)"); 

    // insert one row 
    $stmt->execute(array('one',1)); 

    // insert another row with different values 
    $stmt->execute(array('two',1)); 
?> 

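Also, do I need to use mysqli for prepared statements? Can anyone point me to a complete example of prepared statements, from connection to insertion to selection, with error handling?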

+4

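*"Can anyone point me to a complete example of prepared statements, from connection to insertion to selection, with error handling"* Yes. http://php.net/manual/en/mysqli.prepare.php. Note the line *"mysqli_prepare() returns a statement object or FALSE if an error occurred."* – Tomalak 2012-03-09 05:25:36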

Answers

9

From the mysqli::prepare docs:

The parameter markers must be bound to application variables using mysqli_stmt_bind_param() and/or mysqli_stmt_bind_result() before executing the statement or fetching rows.

bind_param docs

i.e.:

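$stmt = $mysqli->prepare("INSERT INTO users (name, age) VALUES (?,?)"); 

// bind parameters. I'm guessing 'string' & 'integer', but read documentation. 
// bind_param() takes its arguments by reference, so pass variables, not literals.
$name = 'one';
$age = 1;
$stmt->bind_param('si', $name, $age);

// *now* we can execute 
$stmt->execute(); 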
+0

Oh, and as @Tomalak suggested, first check whether '$stmt' is FALSE (i.e. an error occurred). – 2012-03-09 05:28:58
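The full cycle the question asks for (connect, insert, select, with the FALSE check on prepare() from the comments), as an added example that is not part of the original answers. It assumes the question's credentials and an existing users(name, age) table; the fail() helper is hypothetical.

```php
<?php
// Added example. Assumed: the question's credentials and an existing table
// users(name VARCHAR, age INT) in database "test".
mysqli_report(MYSQLI_REPORT_OFF); // errors are return values, checked below

function fail(string $what, string $error): void
{
    error_log("$what failed: $error"); // detail goes to the log, not the client
    exit(1);
}

$mysqli = new mysqli("localhost", "root", "root", "test");
if ($mysqli->connect_errno) {
    fail("connect", $mysqli->connect_error);
}

// prepare() returns false on error, so test it before calling methods on it.
$insert = $mysqli->prepare("INSERT INTO users (name, age) VALUES (?, ?)");
if ($insert === false) {
    fail("prepare insert", $mysqli->error);
}
$name = '';
$age = 0;
$insert->bind_param('si', $name, $age); // bound by reference: variables only

// Constructed sample rows; the quote in the second name is stored as data.
foreach ([['one', 1], ["O'Brien", 2]] as $row) {
    [$name, $age] = $row; // updates the bound variables
    if (!$insert->execute()) {
        fail("insert", $insert->error);
    }
}
$insert->close();

$minAge = 1;
$select = $mysqli->prepare("SELECT name, age FROM users WHERE age >= ?");
if ($select === false) {
    fail("prepare select", $mysqli->error);
}
$select->bind_param('i', $minAge);
if (!$select->execute()) {
    fail("select", $select->error);
}
$select->bind_result($rowName, $rowAge);
while ($select->fetch()) {
    printf("%s is %d\n", $rowName, $rowAge); // CLI output; HTML-escape on a web page
}
$select->close();
$mysqli->close();
```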

6

Also, do I need to use mysqli for prepared statements? Can anyone point me to a complete example of prepared statements, from connection to insertion to selection, with error handling?

You can also use PDO, which I much prefer. In fact, it looks like you are confusing PDO and mysqli in your code example.

$db = new PDO($dsn, $user, $pass); 
$stmt = $db->prepare("INSERT INTO users (name, age) VALUES (?,?)"); 
$stmt->execute(array($name1, $age1)); 
$stmt->execute(array($name2, $age2)); 

Unlike with mysqli, you don't have to call a separate binding function, although that feature is available if you prefer/want/need to use it.

Another cool thing about PDO is named placeholders, which can be much less confusing in complex queries:

$db = new PDO($dsn, $user, $pass); 
$stmt = $db->prepare("INSERT INTO users (name, age) VALUES (:name,:age)"); 
$stmt->execute(array(':name' => $name1, ':age' => $age1)); 
$stmt->execute(array(':name' => $name2, ':age' => $age2)); 
-7

Try this, clean input data. And don't forget the PHP tags.

function clean($data) 
{ 
    $data = trim(strip_tags(htmlspecialchars($data))); 
    return $data; 
} 

$field1 = isset($_POST['field1']) ? clean($_POST['field1']): NULL; 
$field2 = isset($_POST['field2']) ? clean($_POST['field2']): NULL; 
$field3 = isset($_POST['field3']) ? clean($_POST['field3']): NULL; 
$field4 = isset($_POST['field4']) ? clean($_POST['field4']): NULL; 
$field5 = isset($_POST['field5']) ? clean($_POST['field5']): NULL; 
$field6 = isset($_POST['field6']) ? clean($_POST['field6']): NULL; 
$field7 = isset($_POST['field7']) ? clean($_POST['field7']): NULL; 
$database = new mysqli("localhost", "username", "password", "database"); 
if ($database->connect_errno) die("Error opening database: " . $database->connect_error); 
$query = 'INSERT INTO `tablename` (`field1`, `field2`, `field3`, `field4`, `field5`, `field6`, `field7`) VALUES (?, ?, ?, ?, ?, ?, ?)'; 
$result = $database->prepare($query); 
$result->bind_param('sssssss', $field1, $field2, $field3, $field4, $field5, $field6, $field7); 
$result->execute(); 
$database->close(); 
{ 
    header("Location: http://www.somewebsite.com"); 
} 
+1

This function doesn't clean anything and has nothing to do with mysqli prepared statements. – 2013-11-17 07:57:40

+0

This is a tested and functioning script; could you possibly be bothered to explain the reason for your statement? – steve 2013-11-17 23:13:00
