mysqli_prepare vs PDO

2020-01-29 23:26发布

站内问答 / PHP
1982 1 5

BACKGROUND

I'm trying to write a function query

query('type', 'parameters', 'bind_types')

which I can call to make simple queries. All the mySQL queries are in the function 

grab_sql()

All the binding takes place in the function bind()

call_user_func_array needs references to function correctly so I wrote ref_arr to accomodate.

Problem is that I'm not getting the results back that I need - they are posted below under results. I think the issue is in the binding of the reuslts as I kind of guessed on that part.

RESEARCH

  • Info on prepared statements here
  • Info on call_user_func_array here
  • Info on the neccessity of references for call_user_func_array here

QUESTION: How can I modify this code to correctly get the correct results?

CODE

  function ref_arr(&$arr)
    { 
    $refs = array(); 
    foreach($arr as $key => $value) 
      {  
      $refs[$key] = &$arr[$key];
      } 
    return $refs;}      

  public function bind($query, $input_param, $btypes)
    {   
    $a="test_var1";$b="test_var2";
    $output_arr=array($a,$b);
    $input_ref = $this->ref_arr($input_param);
    $output_ref = $this->ref_arr($output_arr);
    if($statement=mysqli_prepare(one::$db, $query)) 
      {
      array_unshift($input_ref, $statement, $btypes);
      call_user_func_array("mysqli_stmt_bind_param", $input_ref);
      mysqli_stmt_execute($statement);
      array_unshift($output_ref, $statement);
      call_user_func_array("mysqli_stmt_bind_result", $output_ref);
      mysqli_stmt_fetch($statement);
      var_dump($output_ref);  
      mysqli_stmt_close($statement);
      }
    }
  public function grab($type)
    {
    switch($type) 
      {
      case "validate_user":
        $query="SELECT email,pass FROM cr WHERE email=? AND pass=?";
        break;
      case "another_query_type":
        break;
      }
    return $query;
    }
  public function query($qtype, $arg_arr, $btypes)
    {
    return self::bind(self::grab_sql($qtype), $arg_arr, $btypes);
    }
  }

TEST CASE

<?php
  require_once 'p0.php'; 
  $db_ = new database();
  $db_->query('validate_user',array('joe@gmail.com','Password'), 'ss');
?>

RESULTS

The values result appears to be(last two values) &NULL and &NULL. 

array(3) { [0]=> object(mysqli_stmt)#2 (9) {  
    ["affected_rows"]=> int(-1) ["insert_id"]=> int(0) ["num_rows"]=> int(0) ["param_count"]=> int(2) ["field_count"]=> int(2) ["errno"]=> int(0) ["error"]=> string(0) "" ["sqlstate"]=> string(5) "00000" ["id"]=> int(1) } [1]=> &NULL [2]=> &NULL 
}

标签: php mysqli
举报
1条回答
再贱就再见
2楼-- · 2020-01-29 23:57

Yes, writing a generic bind-this-array-into-a-query in Mysqli is a royal PITA. I eventually got it to work when I was coding Zend Framework's mysqli adapter, but it took a lot of work. You're welcome to take a look at the code. I see one chief difference, here's how I did the refs:

$stmtParams = array();
foreach ($params as $k => &$value) {
    $stmtParams[$k] = &$value;
}
call_user_func_array(
    array($this->_stmt, 'bind_param'), // mysqli OO callback
    $stmtParams
);

This is slightly different than yours. I wonder if in your code the ref operator & binds more tightly than the array index [] operator.

Note I also had to use the ref operator both in the foreach and in the assignment. I never quite understood why, but this was the only way it would work. PHP refs are pretty mysterious and hard to understand.

This may not be a viable suggestion if you're stuck with an environment that has Mysqli enabled but not PDO, but you should really consider using PDO instead. PDO takes care of a lot of that work for you; you can simply pass an array of values to PDOStatement::execute() for a prepared query with parameters. For me, it was far easier to use PDO for this particular use than mysqli.

$pdoStmt->execute( array('joe@gmail.com','Password') );  // it's that easy

P.S.: I hope you're not storing passwords in plaintext.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)