[英]mysqli to prepared statement
我正在尝试将 mysqli 转换为准备语句。 与他们中的大多数都取得了很大的进步,但不寻常。 我希望有人可以帮助它。
这是我的 mysqli 代码
$UpdateQuery = "UPDATE user SET avatar ='$NewImageName' WHERE user_name = '$temp'";
$InsertQuery = "INSERT INTO user (avatar) VALUES ('$NewImageName')";
$result = mysqli_query($con, "SELECT * FROM user WHERE user_name = '$temp'");
if( mysqli_num_rows($result) > 0) {
if(!empty($_FILES['ImageFile']['name'])){
mysqli_query($con, $UpdateQuery)or die(mysqli_error($con));
header("location:edit-profile.php?user_name=$temp");
}
}
else {
mysqli_query($con, $InsertQuery)or die(mysqli_error($con));
header("location:edit-profile.php?user_name=$temp");
}
这些是我尝试用准备好的语句修复它的尝试
if(!($stmtUpdate = $con->prepare("UPDATE user SET avatar = ? WHERE user_name = ?"))) {
echo "Prepare failed: (" . $con->errno . ")" . $con->error;
}
if(!($stmtInsert = $con->prepare("INSERT INTO user ( avatar ) VALUES ( ? )"))) {
echo "Prepare failed: (" . $con->errno . ")" . $con->error;
}
if(!($stmtSelect = $con->prepare("SELECT * FROM user WHERE user_name = ? "))) {
echo "Prepare failed: (" . $con->errno . ")" . $con->error;
}
if(!$stmt->bind_param('sss', $temp, $NewImageName, $temp)) {
echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: (" . $stmt->errno .")" . $stmt->error;
}
$stmt->store_result();
if($stmt->num_rows == 0) {
if(!empty($_FILES['ImageFile']['name'])){
$con->prepare($stmtUpdate)or die(mysqli_error($con));
header("location:edit-profile.php?user_name=$temp");
exit;
}
} else {
$stmt->bind_result($avatar, $avatar, $temp);
$stmt->fetch();
header("location:edit-profile.php?user_name=$temp");
}
$stmt->close();
我虽然我运行它一次并且出现错误,但我知道我最缺少一些东西。
您尝试将那些非准备语句更改为准备好的语句是错误的。 几个问题是:
SELECT
、 UPDATE
和INSERT
创建三个单独的语句对象,一个语句对象就足够了。 话虽如此,请始终关闭准备好的语句,再次使用它进行查询。if(!$stmt->bind_param(...
, if(!$stmt->execute()
等。 $stmt
不是语句对象,你甚至从未在任何地方创建或使用过这个变量。这就是为什么你得到这个致命错误:在非对象上调用成员函数 bind_param() ...错误。->bind_result()
或->fetch()
方法,只需执行INSERT
或UPDATE
操作并将用户重定向到不同的页面。你准备好的代码应该是这样的:(底层逻辑严格类似于你的非准备代码)
if(!($stmt = $con->prepare("SELECT * FROM user WHERE user_name = ?"))){
die("Prepare failed: (" . $con->errno . ") " . $con->error);
}
if(!$stmt->bind_param('s', $temp)){
die("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
}
if($stmt->execute()){
$stmt->store_result();
$num_rows = $stmt->num_rows;
$stmt->close();
if($num_rows){
if(!empty($_FILES['ImageFile']['name'])){
if(!($stmt = $con->prepare("UPDATE user SET avatar = ? WHERE user_name = ?"))){
die("Prepare failed: (" . $con->errno . ") " . $con->error);
}
if(!$stmt->bind_param('ss', $NewImageName, $temp)){
die("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
}
if($stmt->execute()){
$stmt->close();
header("location:edit-profile.php?user_name=" . $temp);
exit();
}else{
die("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
}
}
}else{
if(!($stmt = $con->prepare("INSERT INTO user (avatar) VALUES (?)"))){
die("Prepare failed: (" . $con->errno . ") " . $con->error);
}
if(!$stmt->bind_param('s', $NewImageName)){
die("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
}
if($stmt->execute()){
$stmt->close();
header("location:edit-profile.php?user_name=" . $temp);
exit();
}else{
die("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
}
}
}else{
die("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.