mysqli 到准備好的語句
[英]mysqli to prepared statement
問題描述
我正在嘗試將 mysqli 轉換為准備語句。 與他們中的大多數都取得了很大的進步,但不尋常。 我希望有人可以幫助它。
這是我的 mysqli 代碼
$UpdateQuery = "UPDATE user SET avatar ='$NewImageName' WHERE user_name = '$temp'";
$InsertQuery = "INSERT INTO user (avatar) VALUES ('$NewImageName')";
$result = mysqli_query($con, "SELECT * FROM user WHERE user_name = '$temp'");
if( mysqli_num_rows($result) > 0) {
if(!empty($_FILES['ImageFile']['name'])){
mysqli_query($con, $UpdateQuery)or die(mysqli_error($con));
header("location:edit-profile.php?user_name=$temp");
}
}
else {
mysqli_query($con, $InsertQuery)or die(mysqli_error($con));
header("location:edit-profile.php?user_name=$temp");
}
這些是我嘗試用准備好的語句修復它的嘗試
if(!($stmtUpdate = $con->prepare("UPDATE user SET avatar = ? WHERE user_name = ?"))) {
echo "Prepare failed: (" . $con->errno . ")" . $con->error;
}
if(!($stmtInsert = $con->prepare("INSERT INTO user ( avatar ) VALUES ( ? )"))) {
echo "Prepare failed: (" . $con->errno . ")" . $con->error;
}
if(!($stmtSelect = $con->prepare("SELECT * FROM user WHERE user_name = ? "))) {
echo "Prepare failed: (" . $con->errno . ")" . $con->error;
}
if(!$stmt->bind_param('sss', $temp, $NewImageName, $temp)) {
echo "Binding paramaters failed:(" . $stmt->errno . ")" . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: (" . $stmt->errno .")" . $stmt->error;
}
$stmt->store_result();
if($stmt->num_rows == 0) {
if(!empty($_FILES['ImageFile']['name'])){
$con->prepare($stmtUpdate)or die(mysqli_error($con));
header("location:edit-profile.php?user_name=$temp");
exit;
}
} else {
$stmt->bind_result($avatar, $avatar, $temp);
$stmt->fetch();
header("location:edit-profile.php?user_name=$temp");
}
$stmt->close();
我雖然我運行它一次並且出現錯誤,但我知道我最缺少一些東西。
1 個解決方案
解決方案1
1 已采納 2016-10-03 20:06:21
您嘗試將那些非准備語句更改為准備好的語句是錯誤的。 幾個問題是:
- 不需要為
SELECT、UPDATE和INSERT創建三個單獨的語句對象,一個語句對象就足夠了。 話雖如此,請始終關閉准備好的語句,再次使用它進行查詢。 -
if(!$stmt->bind_param(...,if(!$stmt->execute()等。$stmt不是語句對象,你甚至從未在任何地方創建或使用過這個變量。這就是為什么你得到這個致命錯誤:在非對象上調用成員函數 bind_param() ...錯誤。 - 查看上面未准備好的代碼,不需要使用
->bind_result()或->fetch()方法,只需執行INSERT或UPDATE操作並將用戶重定向到不同的頁面。
你准備好的代碼應該是這樣的:(底層邏輯嚴格類似於你的非准備代碼)
if(!($stmt = $con->prepare("SELECT * FROM user WHERE user_name = ?"))){
die("Prepare failed: (" . $con->errno . ") " . $con->error);
}
if(!$stmt->bind_param('s', $temp)){
die("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
}
if($stmt->execute()){
$stmt->store_result();
$num_rows = $stmt->num_rows;
$stmt->close();
if($num_rows){
if(!empty($_FILES['ImageFile']['name'])){
if(!($stmt = $con->prepare("UPDATE user SET avatar = ? WHERE user_name = ?"))){
die("Prepare failed: (" . $con->errno . ") " . $con->error);
}
if(!$stmt->bind_param('ss', $NewImageName, $temp)){
die("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
}
if($stmt->execute()){
$stmt->close();
header("location:edit-profile.php?user_name=" . $temp);
exit();
}else{
die("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
}
}
}else{
if(!($stmt = $con->prepare("INSERT INTO user (avatar) VALUES (?)"))){
die("Prepare failed: (" . $con->errno . ") " . $con->error);
}
if(!$stmt->bind_param('s', $NewImageName)){
die("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
}
if($stmt->execute()){
$stmt->close();
header("location:edit-profile.php?user_name=" . $temp);
exit();
}else{
die("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
}
}
}else{
die("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
}
使用mySQLi預准備語句進行更新
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.