Prepared statement works for INSERT but not for SE

2019-07-19 16:07发布

站内文章 / PHP
11 0 0

问题:

EDIT: SOLVED, SEE BELOW But still dont know what did I do to make it work :)

OK, I am stuck now. I have table users:

ID int PRIMARY AUTO_INCREMENT
EMAIL varchar(60)
NICK varchar(60)
//...

If I do:

<?php
$email = $_POST["mai"];
$nickname = $_POST["nck"];
$mysqli = new mysqli($db_host, $db_username, $db_password, $database);
$prepared_statement = "INSERT INTO users VALUES(?,?,?)";
if ($stmt = $mysqli->prepare($prepared_statement)) {
 $id = "";
 $stmt->bind_param("iss",$id,$email,$nickname); 
 $stmt->execute();
}
?>

It works every single time. But if I do the same with select:

<?php
 $previous_entries = new mysqli($db_host, $db_username, $db_password, $database);
 $check = $previous_entries->prepare("SELECT ID,NICK FROM users WHERE EMAIL=?;");
 $check->bind_param("s",$email);
 $check->execute();
 $check->bind_result($maybe_id,$maybe_got_something);

  while ($check->fetch()) { //here was typo, but fixed now 
    if ($maybe_got_something==$nickname){
     echo "Hooray!";
    }
  } 

?>

I never ever see the "Hooray!"

But, If I change it like this:

$previous_entries = new mysqli($db_host, $db_username, $db_password, $database);
$prepared_statement = "SELECT ID,NICK FROM users WHERE EMAIL=";
$prepared_statement .=$email;
$result = $previous_entries->query($prepared_statement);
while ($row = $result->fetch_array()){
  if ($row["NICK"]==$nickname){
     echo "Hooray!";
    }
}

Then everything is ok.

I am doing some terrible mistake in prepared statement. But I really really cannot find it... What am I doing wrong here?

EDIT: Updated the script to correct bad typo, and added these two rows: 

echo "maybeid: ".. $maybe_id;
echo "maybenick:". $maybe_got_something;

Page echos this:

  maybeid: maybenick:

EDIT: WORKING CODE When trying to debug it, I got to this:

$previous_entries = new mysqli($db_host, $db_username, $db_password, $database);
$check = $previous_entries->prepare("SELECT ID,NICK FROM users WHERE EMAIL=?;");
$check->bind_param("s",$email);
$check->execute();
$check->bind_result($maybeid,$maybenick);
echo "maybeid: ".$maybeid;
echo "maybenick:". $maybenick;
// got rid of the if statement
  while ($check->fetch()) {
    echo "maybeid: ".$maybeid;
    echo "maybenick:". $maybenick;
    if ($maybenick==$nickname){

     echo "Hooray!";
    }
  }

But ... why is it worrking? :)

回答1:

Try this (use a statement object returned from prepare):

<?php
 $previous_entries = new mysqli($db_host, $db_username, $db_password, $database);
 $check = $previous_entries->prepare("SELECT ID,NICK FROM users WHERE EMAIL=?;");
 $check->bind_param("s",$email);
 $check->execute();
 $check->bind_result($maybe_id,$maybe_got_something);
 if($check->num_rows > 0){
  while ($check->fetch()) {
    if ($maybe_got_something==$nickname){
     echo "Hooray!";
    }
  } 
}
?>


回答2:

The prepared query is $check but you are using $stmt when fetching.



回答3:

Try to change $stmt->fetch() with this one $check->fetch()

You could probably need to set your error_reporting level to something like

error_reporting = E_ALL & ~E_NOTICE

in your php.ini for development enviroment to avoid this kind of mistakes.

Regards



回答4:

You must change your code like this:

...
$check = $previous_entries->prepare("SELECT ID,NICK FROM users WHERE EMAIL=:email;");
$check->bind_param(":email",$email);
...


标签: php sql mysqli prepared-statement
举报

收藏的人(0)

Ta的文章 更多文章
登录 后发表评论
0条评论
还没有人评论过~