douhuo0884 2015-08-04 21:27

Converting PHP code to prepared statements

I'm trying to convert the following PHP code into prepared statements.

The code below queries for all games that have not started yet, deletes all picks and then inserts new picks.

$sql = "SELECT gameID, weekNum, gameTimeEastern FROM htb_schedule
            WHERE weekNum = " . $week . "
            AND (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < gameTimeEastern
            AND DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < '" . $cutoffDateTime . "') ";

$query = $mysqli->query($sql);

if ($query->num_rows > 0) {

    while ($row = $query->fetch_assoc()) {

        $sql = "DELETE FROM htb_picks WHERE userID = " . $user->userID . " AND gameID = " . $row['gameID'];
        $mysqli->query($sql);

        if (!empty($_POST['game' . $row['gameID']])) {

            $sql = "INSERT INTO htb_picks (userID, gameID, pickID, weekN, timestamp) VALUES (" . $user->userID . ", " . $row['gameID'] . ", '" . $_POST['game' . $row['gameID']] . "', " . $week . ", NOW() )";
            $mysqli->query($sql);

        }
    }
}

The code below is my attempt at prepared statements.

$sql = "SELECT gameID, weekNum, gameTimeEastern FROM htb_schedule
            WHERE weekNum = ?
            AND (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < gameTimeEastern
            AND DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < '" . $cutoffDateTime . "') ";

$stmt = $mysqli->prepare($sql);
$stmt->bind_param("i", $week);
$stmt->execute();
$stmt->bind_result($gameID, $weekNum, $gameTimeEastern);

if ($stmt->num_rows > 0) {

    while ($stmt->fetch()) {

        $sql = "DELETE FROM htb_picks WHERE userID = ? AND gameID = ? ";
        $stmt = $mysqli->prepare($sql);
        $stmt->bind_param("ii", $user->userID, $gameID);
        $stmt->execute();
        $stmt->close();

        if (!empty($_POST['game' . $row['gameID']])) {

            $sql = " INSERT INTO htb_picks (userID, gameID, pickID, weekN, timestamp) VALUES (?, ?, ?, ?, NOW()) ";
            $stmt = $mysqli->prepare($sql);
            $stmt->bind_param("iisi", $user->userID, $gameID, $_POST['game' . $row['gameID']], $week);
            $stmt->execute();
            $stmt->close();

        }
    }
}
$stmt->free_result();

The code is supposed to DELETE and INSERT results but it's not doing that. What am I doing wrong?

If I use the following code below it will work, but the first SQL is not a prepared statement.

$sql = "SELECT * FROM htb_schedule
            WHERE weekNum = " . $week . "
            AND (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < gameTimeEastern
            AND DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < '" . $cutoffDateTime . "') ";

$query = $mysqli->query($sql);

if ($query->num_rows > 0) {

    while ($row = $query->fetch_assoc()) {

        $sql = "DELETE FROM htb_picks WHERE userID = ? AND gameID = ? ";

        $stmt = $mysqli->prepare($sql);

        $stmt->bind_param("ii", $user->userID, $row['gameID']);

        $stmt->execute();

        $stmt->close();

        if (!empty($_POST['game' . $row['gameID']])) {

            $sql = " INSERT INTO htb_picks (userID, gameID, pickID, weekN, timestamp) VALUES (?, ?, ?, ?, NOW()) ";

            $stmt = $mysqli->prepare($sql);

            $stmt->bind_param("iisi", $user->userID, $row['gameID'], $_POST['game' . $row['gameID']], $week);

            $stmt->execute();

            $stmt->close();

        }
    }
}
$query->free();

  • doutongwei4380 2015-08-04 21:40

    You are overwriting the $stmt that is controlling your while loop while you are inside the while loop. You even ->close() it.

    All you need to do is use a different variable name for the statement when you are inside the loop.

    Also, you should check the status of each mysqli command.

    $sql = "SELECT gameID, weekNum, gameTimeEastern FROM htb_schedule
                WHERE weekNum = ?
                AND (DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < gameTimeEastern
                AND DATE_ADD(NOW(), INTERVAL " . SERVER_TIMEZONE_OFFSET . " HOUR) < '" . $cutoffDateTime . "') ";
    
    $stmt = $mysqli->prepare($sql);
    if ( ! $stmt ) {
        echo $mysqli->error;
        exit;   // stop here: calling bind_param() on false is a fatal error
    }
    $stmt->bind_param("i", $week);
    
    if ( ! $stmt->execute() ) {
        echo $stmt->error;
    }
    
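    // Buffer the result set: num_rows is only populated after store_result(),
    // and the connection must be free before other statements run inside the loop
    $stmt->store_result();
    $stmt->bind_result($gameID, $weekNum, $gameTimeEastern);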
    
    if ($stmt->num_rows > 0) {
    
        while ($stmt->fetch()) {
    
            $sql = "DELETE FROM htb_picks WHERE userID = ? AND gameID = ? ";
            $stmt2 = $mysqli->prepare($sql);
            if ( ! $stmt2 ) {
                echo $mysqli->error;
                exit;
            }
            $stmt2->bind_param("ii", $user->userID, $gameID);
            if ( ! $stmt2->execute() )
            {
                echo $stmt2->error;
                exit;
             }
    
            $stmt2->close();
    
            // stmt2 is closed and finished with, so its name can be reused
    
            // $gameID comes from bind_result(); there is no $row array here
            if (!empty($_POST['game' . $gameID])) {
    
                $sql = "INSERT INTO htb_picks 
                                (userID, gameID, pickID, weekN, timestamp) 
                         VALUES (?, ?, ?, ?, NOW()) ";
                $stmt2 = $mysqli->prepare($sql);
                if ( ! $stmt2 ) {
                    echo $mysqli->error;
                    exit;
                }
    
                $stmt2->bind_param("iisi", $user->userID, 
                                           $gameID, 
                                           $_POST['game' . $gameID], 
                                           $week);
    
                if ( ! $stmt2->execute() )
                {
                    echo $stmt2->error;
                    exit;
                 }
    
                $stmt2->close();
    
            }
        }
    }
    $stmt->close();
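
The same flow with the remaining concatenated values bound as well, as an added example that is not part of the original answer: the helper name `savePicks()` and its parameters are assumptions, while the table and column names are the ones in the thread. It prepares the DELETE and INSERT once outside the loop, buffers the SELECT with `store_result()`, and wraps the changes in a transaction (assumes InnoDB tables).

```php
<?php
// Added example, not code from the thread. savePicks() and its parameters are
// hypothetical; table and column names are taken from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on any mysqli error

function savePicks(mysqli $db, int $userID, int $week, int $tzOffset,
                   string $cutoff, array $post): int
{
    // Every value is bound, including the offset and cutoff that the thread's
    // code still concatenates into the SQL string.
    $games = $db->prepare(
        "SELECT gameID FROM htb_schedule
          WHERE weekNum = ?
            AND DATE_ADD(NOW(), INTERVAL ? HOUR) < gameTimeEastern
            AND DATE_ADD(NOW(), INTERVAL ? HOUR) < ?");
    $games->bind_param("iiis", $week, $tzOffset, $tzOffset, $cutoff);
    $games->execute();
    $games->store_result();        // buffer rows so the connection is free in the loop
    $games->bind_result($gameID);

    // Prepare once, execute many times: bound variables are read at each execute().
    $gid = 0;
    $pick = '';
    $del = $db->prepare("DELETE FROM htb_picks WHERE userID = ? AND gameID = ?");
    $del->bind_param("ii", $userID, $gid);
    $ins = $db->prepare(
        "INSERT INTO htb_picks (userID, gameID, pickID, weekN, timestamp)
         VALUES (?, ?, ?, ?, NOW())");
    $ins->bind_param("iisi", $userID, $gid, $pick, $week);

    $saved = 0;
    $db->begin_transaction();      // delete + insert succeed or fail together
    try {
        while ($games->fetch()) {
            $gid = (int) $gameID;
            $del->execute();
            $value = $post['game' . $gid] ?? '';
            if (is_string($value) && $value !== '') { // reject arrays such as game1[]=x
                $pick = $value;
                $ins->execute();
                $saved++;
            }
        }
        $db->commit();
    } catch (mysqli_sql_exception $e) {
        $db->rollback();
        throw $e;
    }
    return $saved;                 // number of picks inserted
}
```

With exceptions enabled, a failed `prepare()` or `execute()` never reaches the next call on a `false` value, and database error text goes to the caller's handler instead of being echoed to the page.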
    