dtsc14683 2013-05-07 18:10
浏览 30
已采纳

PHP MySQLi bind_param()混乱

Long story short, I've gotten this far:

$stmt = $mysqli->prepare($sql);
$stmt->bind_param("s",$_GET['slug']);

But I'm completely confused on how to get the result into an associative array. I tried

$stmt = $mysqli->prepare($sql);
$result = $stmt->bind_param("s",$_GET['slug']);
while ($row = $result->fetch_assoc()) {
    printf ("%s (%s)
", $row["website_name"], $row["subheading"]);
}

I don't think I could use $mysqli->query($query) instead of a prepared statement, 'cause that seems like it would leave me open to SQL Injection attacks. Yet, that's the bit of code used in the PHP documentation for doing what I want to do. So I can't find anything that shows how to take the results of a prepared statement and move it into an associative array. Does anyone know? Is it even possible?

  • 写回答

2条回答 默认 最新

  • doucheng4094 2013-05-07 18:19
    关注

    Mysqli has two ways of doing queries.

    You can use prepared statements, where you use bind_param to fill in the placeholders, execute() to perform the query, and bind_result to receive the results.

    Or you can use statements with variables interpolated, like mysql. Then you can use fetch_assoc to receive the results into an associative array.

    I don't think you can mix these two approaches. You can't bind the parameters and then use a fetch function to receive results. If you want that ability, use PDO instead.

    It's annoying, IMHO.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度