PHP-MySQLi预准备语句

Question

$name = $_GET['user'];
if(isset($_GET['user']) && strlen($_GET['user'])>0) {
    $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
    $stmt = $mysqli->prepare("SELECT username FROM users WHERE username=?");
    $stmt->bind_param('s', $name);
    $stmt->execute();
    while($stmt->fetch()) {
        if($stmt->num_rows == 0) {
            header("Location: home?errormsg=notfound");
            exit();
        }
    }
    $stmt->store_result();
    $stmt->close();
}
$mysqli->close();

So, the above code checks if $_GET['name'] exists in the database, and if it doesn't, to redirect to home?errormsg=notfound but it redirects the usernames which exists in the database to the link 'home?errormsg=notfound' as well. Can you suggest a way to solve this problem?

Answer 1

You have to call $stmt->store_result() before $stmt->num_rows .

And your $stmt->fetch() is not necessary, because you don't use the selected data.

If you call store_result() after num_rows it won't work.

Part of comment from manual page :

If you do not use mysqli_stmt_store_result( ), and immediatley call this function after executing a prepared statement, this function will usually return 0 as it has no way to know how many rows are in the result set as the result set is not saved in memory yet.

So your code should look like this:

$name = $_GET['user'];
if(isset($_GET['user']) && strlen($_GET['user'])>0) {
    $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $db);
    $stmt = $mysqli->prepare("SELECT username FROM users WHERE username=?");
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->store_result();
    if($stmt->num_rows == 0) {
        header("Location: home?errormsg=notfound");
        exit();
    }
    $stmt->close();
}
$mysqli->close();

Answer 2

I have not tried this but maybe it helps.

You are calling $stmt->store_result(); after $stmt->num_rows
Please try moving $stmt->store_result(); before $stmt->num_rows

Example. you can see here