使用准备好的语句将mySQLi SELECT查询转换为PDO时出现问题

Question

如何在PDO中使用需要POST请求输入的准备好的语句在PDO中重写以下简单的SELECT mySQL PHP脚本，然后使用PDO重写。

<?php

    // Create connection
$con=mysqli_connect("localhost","username","password","dbname");

// Check connection
if (mysqli_connect_errno())

{
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$FieldInput = $_POST['FieldInput'];

$return = ['error' => false];

$sql =  "SELECT Field1, Field2
        from Table1 WHERE (Field3 = '$FieldInput')";


$result = mysqli_query($con, $sql);
if($result && $result->num_rows > 0){
    $return['error'] = true;
}
mysqli_close($con);
echo json_encode($return);

?>

PDO中的输出必须遵循相同的原理

{"error":true}

如果找到记录并

{"error":false}

如果找不到记录。

到目前为止，这是我尝试过的：

我认为WHERE子句的语法不正确，因为POST的输入永远不会到达查询

<?php
    $mysqli = new mysqli("server", "username", "password", "database_name");

    // TODO - Check that connection was successful.

    $unsafe_variable = $_POST["user-input"];

    $stmt = $mysqli->prepare("SELECT Field1, Field2 from Table1 WHERE ( Field3 = ? ) );

    // TODO check that $stmt creation succeeded

    // "s" means the database expects a string
    $stmt->bind_param("s", $unsafe_variable);

    $stmt->execute();

    $stmt->close();

    $mysqli->close();
?>

Answer 1

这就是你想要的

<?php

// Create connection
$con=mysqli_connect("localhost","username","password","dbname");

// Check connection
if (mysqli_connect_errno())

{
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$return = ['error' => false];
$query = 'SELECT Field1, Field2
    from Table1 WHERE (Field3 =?)';
$stmt = $con->prepare($query);
$stmt->bind_param("s", $fieldinput);
$fieldinput = $_POST['FieldInput'];
if ($stmt->execute()) {
   if ($stmt->rowCount() > 0) {
     $return['error'] = true;
   }    
 }
 $stmt->close();
 mysqli_close($con);
 echo json_encode($return);
 ?>

万一你需要所有行的东西

 while ($row = $stmt->fetch()) {
   print_r($row);
 }