mysqli 到准备好的语句

Question

Am trying to convert mysqli to prepare statement.我正在尝试将 mysqli 转换为准备语句。 Have being making alot of progress with most of them,but is unusual.与他们中的大多数都取得了很大的进步，但不寻常。 I hope some can help with it.我希望有人可以帮助它。

here is my mysqli code这是我的 mysqli 代码

            $UpdateQuery = "UPDATE user SET avatar ='$NewImageName' WHERE user_name = '$temp'";
            $InsertQuery = "INSERT INTO user (avatar) VALUES ('$NewImageName')";

           $result = mysqli_query($con, "SELECT * FROM user WHERE user_name = '$temp'");
            if( mysqli_num_rows($result) > 0) {
                if(!empty($_FILES['ImageFile']['name'])){
                    mysqli_query($con, $UpdateQuery)or die(mysqli_error($con));
                    header("location:edit-profile.php?user_name=$temp");
                }
            } 
            else {
                mysqli_query($con, $InsertQuery)or die(mysqli_error($con));
                header("location:edit-profile.php?user_name=$temp");
            }

These is my attempt to try and fix it with prepared statement这些是我尝试用准备好的语句修复它的尝试

           if(!($stmtUpdate = $con->prepare("UPDATE user SET avatar = ? WHERE user_name = ?"))) {
        echo "Prepare failed: (" . $con->errno . ")" . $con->error;
    }
        if(!($stmtInsert = $con->prepare("INSERT INTO user ( avatar ) VALUES ( ? )"))) {
        echo "Prepare failed: (" . $con->errno . ")" . $con->error;
    } 
        if(!($stmtSelect = $con->prepare("SELECT * FROM user WHERE user_name = ? "))) {
        echo "Prepare failed: (" . $con->errno . ")" . $con->error;
    }        
        if(!$stmt->bind_param('sss', $temp, $NewImageName, $temp)) {
      echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
    }      
        if(!$stmt->execute()){
             echo "Execute failed: (" . $stmt->errno .")" . $stmt->error;
    }

    $stmt->store_result();  
    if($stmt->num_rows == 0) {
           if(!empty($_FILES['ImageFile']['name'])){
                    $con->prepare($stmtUpdate)or die(mysqli_error($con));
                    header("location:edit-profile.php?user_name=$temp");
             exit;
                }
            } else {
        $stmt->bind_result($avatar, $avatar, $temp);
        $stmt->fetch();
          header("location:edit-profile.php?user_name=$temp");
        }

   $stmt->close();

I Although i run it once and i get error, i know am most be missing some thing.我虽然我运行它一次并且出现错误，但我知道我最缺少一些东西。

Answer 1

Your attempt to change those non-prepared statements to prepared statements is wrong.您尝试将那些非准备语句更改为准备好的语句是错误的。 Few issues are:几个问题是：

There's no need to create three separate statement objects for SELECT , UPDATE and INSERT , only one statement object is enough.不需要为SELECT 、 UPDATE和INSERT创建三个单独的语句对象，一个语句对象就足够了。 Having said that, always close the prepared statement using using it again for your query.话虽如此，请始终关闭准备好的语句，再次使用它进行查询。
if(!$stmt->bind_param(... , if(!$stmt->execute() etc. $stmt is not a statement object, you never even created or used this variable anywhere. And that's why you're getting this Fatal error: Call to a member function bind_param() on a non-object ... error. if(!$stmt->bind_param(... , if(!$stmt->execute()等。 $stmt不是语句对象，你甚至从未在任何地方创建或使用过这个变量。这就是为什么你得到这个致命错误：在非对象上调用成员函数 bind_param() ...错误。
Looking at your non-prepared code above, there's no need to use ->bind_result() or ->fetch() method, simply perform INSERT or UPDATE operation and redirect the user to a different page.查看上面未准备好的代码，不需要使用->bind_result()或->fetch()方法，只需执行INSERT或UPDATE操作并将用户重定向到不同的页面。

Your prepared code should be like this: (The underlying logic strictly resembles your non-prepared code)你准备好的代码应该是这样的：（底层逻辑严格类似于你的非准备代码）

if(!($stmt = $con->prepare("SELECT * FROM user WHERE user_name = ?"))){
    die("Prepare failed: (" . $con->errno . ") " . $con->error);
} 
if(!$stmt->bind_param('s', $temp)){
    die("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
}
if($stmt->execute()){
    $stmt->store_result();
    $num_rows = $stmt->num_rows;
    $stmt->close();

    if($num_rows){
        if(!empty($_FILES['ImageFile']['name'])){
            if(!($stmt = $con->prepare("UPDATE user SET avatar = ? WHERE user_name = ?"))){
                die("Prepare failed: (" . $con->errno . ") " . $con->error);
            } 
            if(!$stmt->bind_param('ss', $NewImageName, $temp)){
                die("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
            }
            if($stmt->execute()){
                $stmt->close();
                header("location:edit-profile.php?user_name=" . $temp);
                exit();
            }else{
                die("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
            }
        }
    }else{
        if(!($stmt = $con->prepare("INSERT INTO user (avatar) VALUES (?)"))){
            die("Prepare failed: (" . $con->errno . ") " . $con->error);
        } 
        if(!$stmt->bind_param('s', $NewImageName)){
            die("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
        } 
        if($stmt->execute()){
            $stmt->close();
            header("location:edit-profile.php?user_name=" . $temp);
            exit();
        }else{
            die("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
        }
    }
}else{
    die("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
}

mysqli 到准备好的语句

问题描述

1 个解决方案

解决方案1
1 已采纳 2016-10-03 20:06:21

mysqli 到准备好的语句

问题描述

1 个解决方案

解决方案1 1 已采纳 2016-10-03 20:06:21

解决方案1
1 已采纳 2016-10-03 20:06:21