dongtanxi5676756 2013-02-18 01:10
浏览 115

bind_param,无效对象或资源的重复出现问题

I've got this problem I'm having with bind_param and I have no clue what's going wrong:

<?php
$mysqli = new mysqli("$host","$user","$pass","$db");
if(isset($_GET['catName'])) {
    $category = "%" . $_GET['catName'] . "%";
}

//setup query
$catSearch = $mysqli->stmt_init();

//search values
$catQuery = "SELECT lister_id,
             logo_file_name,
             listing_name,
             street_address,
             city,
             state,
             zip

      FROM listers

      INNER JOIN listings

      ON listers.lister_id = listings.lister_id

      WHERE listings.listing_category LIKE ?";

$catSearch->prepare($catQuery);
$catSearch->bind_param('s', $category);
$catSearch->bind_result($id, $imgfile, $name, $address, $city, $state, $zip);
$catSearch->execute();
$catSearch->store_result();
$mainRows = $catSearch->num_rows();
?>

The warning I'm getting is:

Warning: mysqli_stmt::bind_param(): invalid object or resource mysqli_stmt in C:\wamp\www\RP\catSearch.php on line 29

And what's killing me is this exact syntax is holding together 7 or 8 other documents just like it, but for some reason this one keeps breaking. I've checked each of the tables, and they're good (which was the problem the last time this happened). I'm making sure I'm declaring my stmt_init() well before everything else (had a problem with that before, too). I've got echo $_GET['catName'] printed all over the sheet, so it's coming through (had a problem there once as well).

Also, a more meta question, but I've been told using bind_param is the best way to prevent SQL injection; is this really all the security I need? (I mean, within reason, I'm sure there's more security, but this is a small yellow pages type of site).

  • 写回答

1条回答 默认 最新

  • dongshipang8094 2013-02-18 01:32
    关注

    Okay, thanks to @michaelberkoski and a little help from another page on here, I figured out the issue. Because both tables contained lister_id, it was throwing an error, I changed my query to:

    $catQuery = "SELECT listers.lister_id,
                 listers.logo_file_name,
                 listers.listing_name,
                 listers.street_address,
                 listers.city,
                 listers.state,
                 listers.zip
    
          FROM listers
    
          INNER JOIN listings
    
          ON listers.lister_id = listings.lister_id
    
          WHERE listings.listing_category LIKE ?";
    

    Where I added table. (listers.) to each of my columns I'm retrieving. Worked like a charm.

    评论

报告相同问题?

悬赏问题

  • ¥15 求差集那个函数有问题,有无佬可以解决
  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题