我有个问你们.我正试图让我尽可能安全地运行MySQL.我现在想知道在准备好语句,绑定参数并执行语句之后是否可以使用MySQLi获取对象.
例:
$sql = $mysqli->prepare('SELECT * FROM users WHERE username = ?;');
$sql->bind_param('s', $username);
$username = 'RastaLulz';
$sql->execute();
$object = $sql->fetch_object();
echo $object->mail;
我收到以下错误:
Fatal error: Call to a member function fetch_object() on a non-object in C:\xampp\htdocs\ProCMS\DevBestCMS\inc\global\class.mysql.php on line 23
但是,当我添加"$ sql-> result_metadata();" 我没有收到错误,但它没有返回结果(它只是NULL).
$sql = $mysqli->prepare('SELECT * FROM users WHERE username = ?;');
$sql->bind_param('s', $username);
$username = 'RastaLulz';
$sql->execute();
$result = $sql->result_metadata();
$object = $result->fetch_object();
echo $object->mail;
这是你如何在不绑定参数的情况下完成的:
$sql = $mysqli->query("SELECT * FROM users WHERE username = 'RastaLulz';");
$object = $sql->fetch_object();
echo $object->mail;
这是我当前的MySQL类 - 只需要让execute函数正常工作. http://uploadir.com/u/lp74z4
任何帮助是,将不胜感激!
我有同样的问题.我发现我可以做以下事情:
# prepare statement
$stmt = $conn->prepare($sql)
# bind params
$stmt->bind_param("s", $param);
# execute query
$stmt->execute();
# get result
$result = $stmt->get_result();
# fetch object
$object = $result->fetch_object();
我希望这也适合你.
我刚刚在我的数据库类中进行了研究,这就是我的做法。老实说,我不记得为什么需要这样做,可能有更好的方法。但如果它对你有帮助的话,这里是代码。我确实记得很恼火,因为没有一种简单的方法来获取结果作为对象。
// returns an array of objects
public function stmtFetchObject(){
$rows=array(); //init
// bind results to named array
$meta = $this->stmt->result_metadata();
$fields = $meta->fetch_fields();
foreach($fields as $field) {
$result[$field->name] = "";
$resultArray[$field->name] = &$result[$field->name];
}
call_user_func_array(array($this->stmt, 'bind_result'), $resultArray);
// create object of results and array of objects
while($this->stmt->fetch()) {
$resultObject = new stdClass();
foreach ($resultArray as $key => $value) {
$resultObject->$key = $value;
}
$rows[] = $resultObject;
}
return $rows;
}