duanniu4106 2017-04-11 22:13
浏览 46
已采纳

在预准备语句中绑定参数

I found out earlier today that I am quite behind with using prepared statements. I tried to make a prepared statement to get some data out from my database.

I would like to print all the rows in my database, but I am not quite sure how to do that in my while loop?

<?php

    /* Prepare */
    if ($stmt = $mysqli->prepare("SELECT * FROM stores")) {
        echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
    }

    /* Bind and execute */
    $id = null;
    $headline = null;
    $description = null;
    $place = null;
    if (!$stmt->bind_param("i", $id, "s", $headline, "s", $description, "s", $place)) {
        echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
    }

    if (!$stmt->execute()) {
        echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
    }

    while ($stmt->fetch()) {
        /* Loop through my rows in MySQL and print all rows*/
        echo $id, $headline, $description,$place;
    }

    /* Close Statement */
    $stmt->close();

    /* Close Connection */
    $mysqli->close();

?>
  • 写回答

1条回答 默认 最新

  • doushang8846 2017-04-12 00:49
    关注
    if (!$stmt->bind_param("isss", $id, $headline, $description, $place))
    {
        echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    

    You'll want to do that. As @Fred-ii said in the comments. You've got the syntax wrong.

    How it works is that the first parameter of bind_param is all your data types as one string, then you list your data afterwards. Ensure that you use the right data type and the right amount of parameters.

    Update

    Having inspected your code further, I realise you haven't use prepare correctly. I'll include a demonstration below so you can use it as a guide.

    $stmt = $mysqli->prepare("SELECT * FROM myTable WHERE id = ? AND name = ?");
    if (!$stmt->bind_param("is", $id, $name))
    {
        echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    if (!$stmt->execute())
    {
        echo "Execution failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    

    The question marks delineate each variable. This means that you put a ? where you want a variable to go.
    Then you use bind_param to list your data types (as stated above) with your variables or data following.

    Update 2

    $errors = array(); // store errors here
    $stmt = $mysqli->prepare("SELECT name FROM myTable WHERE id = ?"); // prepare our statement
    
    // check that our parameters match, if not then add error
    if (!$stmt->bind_param("i", $id))
    {
        array_push($errors, "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
    }
    
    // if no errors and statement fails to run
    if (count($errors) <= 0 && !$stmt->execute())
    {
        array_push($errors, "Execution failed: (" . $stmt->errno . ") " . $stmt->error);
    }
    
    // no statement errors
    if (count($errors) <= 0)
    {
        $stmt->bind_result($name); // store the results of the statement in this variable
    
        // iterate through each row of the database
        while ($stmt->fetch())
        {
            echo $name;
        }
    }
    // report the errors
    else
    {
        echo "<h3>Errors</h3>";
        foreach ($errors as $error)
        {
            echo "<p>$error</p>";
        }
    }
    
    • $errors = array()
      Here I create an array that will hold all of our error messages.
    • array_push($errors, "...")
      The array_push function will add a variable to the array in the syntax of array_push($array, $var) where $array is the array that will have items added, and $var is the item you want to add.
      I use this so that I can add errors in a neat way, that can be later iterated.
    • count($errors)
      The count function will count the number of elements in an array.
      I use this to see if any errors have been added to the array. When I initialise $errors there are no elements in it so it will return 0.
    • $stmt->bind_result($name)
      This is written outside of the while loop since it is used to tell the statement that we want to store all of the column name inside this variable named $name.
    • while ($stmt->fetch())
      This will iterate through each row in the database. Each iteration of the while loop will be one row of the database. In my example, I simply echoed the value for the name column.
      It is possible to store more than one column. Just add the column in the SQL query (SELECT col1, col2, col3 FROM mytable) and then store each column in a variable in bind_result ($stmt->bind_result($col1, $col2, $col3);. Note that they do not have to be the same name as the column; this is also valid $stmt->bind_result($myVar, $someVar, $anotherVar);).
    • foreach ($errors as $error)
      foreach takes an array and iterates through it, storing each iteration in the variable following as.
      In this instance we have errors stored in an array named $errors, and we store each one in $error and write it in a paragraph tag.
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 乌班图ip地址配置及远程SSH
  • ¥15 怎么让点阵屏显示静态爱心,用keiluVision5写出让点阵屏显示静态爱心的代码,越快越好
  • ¥15 PSPICE制作一个加法器
  • ¥15 javaweb项目无法正常跳转
  • ¥15 VMBox虚拟机无法访问
  • ¥15 skd显示找不到头文件
  • ¥15 机器视觉中图片中长度与真实长度的关系
  • ¥15 fastreport table 怎么只让每页的最下面和最顶部有横线
  • ¥15 java 的protected权限 ,问题在注释里
  • ¥15 这个是哪里有问题啊?