php中的mysql查询，来自两个表的条​​件更多

Question

First of all, I am absolute beginner with PHP and SQL. I have two tables: users(userID, fullname, username, email, pass, userlevel) and games(gameID, userID, club, result, created_time) . In table games I have userID , same as in table users , but it's not foreign key. When I do this query in MySQL it works fine:

DELETE FROM games 
WHERE EXISTS 
(SELECT * FROM users 
WHERE userlevel=2 
AND users.userID=games.userID)

It removes anything that users.userID matches with games.userID and if that user is userlevel 2 .

I need this in PHP, but only difference would be that userID will match user's ID that is logged,and user will be able to delete only the data that is input with its userID .

Also, how to allow everyone else, with userlevel 1 to be able to delete everything in table games no matter who entered on the same submit?

I have this, but its not working....it keeps givin' me the same error:

Fatal error: Call to a member function bind_param() on a non-object in C(...)

require ('db_con.php');     
session_start(); 
$userID=$_SESSION["UserID"];

if (isset($_POST['delete'])){                       
        $stmt=$con->prepare("DELETE FROM games WHERE  EXISTS (SELECT FROM users AS u WHERE u.userID = ? AND u.userlevel = 2 "));        

       $stmt->bind_param("s",$_POST['userID']));
       $stmt->execute();
}

Even if I put $userlevel=2 and replace in query u.userlevel = '$userlevel' , it gives the same error...

Any suggestions would be greatly appreciated. thanx!

Answer 1

userID is an integer value. Change bind_param line to

$stmt->bind_param('i', $user_id);

One reason prepare() can fail is -

if the sql statement sent to it is not valid in the current DB. prepare() will then return false if the sql statement sent to it is not valid in the current DB. prepare() will then return false .

Eg - if the table name is not correct or one or more field in the query does not exist .

Answer 2

You got a bracket mismatch:

    $stmt=$con->prepare("DELETE FROM games WHERE  EXISTS (SELECT FROM users AS u WHERE u.userID = ? AND u.userlevel = 2 "));        

should really be

$stmt=$con->prepare("DELETE FROM games WHERE EXISTS (SELECT * FROM users AS u WHERE u.userID = ? AND u.userlevel = 2 )");

Anyway, the error you received means that $con->prepare did not return an object. Most likely it returned false . I assume you are using PDO, so according to the docs:

If the database server cannot successfully prepare the statement, PDO::prepare() returns FALSE or emits PDOException (depending on error handling).

So that's the case here. Your MySQL-server was unable to bind the statement. In order to debug this better (eg see more helpful error messages) set PDO to throw exceptions on errors.

You could probably do it like this:

$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

Just add that line right after you connect to the database.

Answer 3

i found the error, here is the wright code:

$stmt=$con->prepare("DELETE FROM games WHERE EXISTS (SELECT * FROM users WHERE users.userID = ? AND users.userlevel = 2 )");

but its not working what i wanted, it deleted all from my games table :D i guess, SELECT * FROM has to be specific!