预处理语句适用于INSERT，但不适用于SELECT [英] Prepared statement works for INSERT but not for SELECT

问题描述

已解决，请看下面，但仍然不知道我是怎么做的才能使其起作用:)

SOLVED, SEE BELOW But still dont know what did I do to make it work :)

好的，我现在被困住了.我有表users:

OK, I am stuck now. I have table users:

ID int PRIMARY AUTO_INCREMENT
EMAIL varchar(60)
NICK varchar(60)
//...

如果我这样做:

<?php
$email = $_POST["mai"];
$nickname = $_POST["nck"];
$mysqli = new mysqli($db_host, $db_username, $db_password, $database);
$prepared_statement = "INSERT INTO users VALUES(?,?,?)";
if ($stmt = $mysqli->prepare($prepared_statement)) {
 $id = "";
 $stmt->bind_param("iss",$id,$email,$nickname); 
 $stmt->execute();
}
?>

它每一次都有效.但是，如果我对select执行相同操作:

It works every single time. But if I do the same with select:

<?php
 $previous_entries = new mysqli($db_host, $db_username, $db_password, $database);
 $check = $previous_entries->prepare("SELECT ID,NICK FROM users WHERE EMAIL=?;");
 $check->bind_param("s",$email);
 $check->execute();
 $check->bind_result($maybe_id,$maybe_got_something);

  while ($check->fetch()) { //here was typo, but fixed now 
    if ($maybe_got_something==$nickname){
     echo "Hooray!";
    }
  } 

?>

我从没见过万岁！"

但是，如果我这样更改它:

But, If I change it like this:

$previous_entries = new mysqli($db_host, $db_username, $db_password, $database);
$prepared_statement = "SELECT ID,NICK FROM users WHERE EMAIL=";
$prepared_statement .=$email;
$result = $previous_entries->query($prepared_statement);
while ($row = $result->fetch_array()){
  if ($row["NICK"]==$nickname){
     echo "Hooray!";
    }
}

那一切都很好.

我在准备好的陈述中犯了一个可怕的错误.但是我真的真的找不到它...我在做什么错了?

I am doing some terrible mistake in prepared statement. But I really really cannot find it... What am I doing wrong here?

更新了脚本以纠正错误的拼写错误，并添加了这两行:

Updated the script to correct bad typo, and added these two rows:

echo "maybeid: ".. $maybe_id;
echo "maybenick:". $maybe_got_something;

页面与此相呼应:

  maybeid: maybenick: 

工作代码 当尝试调试它时，我明白了这一点:

WORKING CODE When trying to debug it, I got to this:

$previous_entries = new mysqli($db_host, $db_username, $db_password, $database);
$check = $previous_entries->prepare("SELECT ID,NICK FROM users WHERE EMAIL=?;");
$check->bind_param("s",$email);
$check->execute();
$check->bind_result($maybeid,$maybenick);
echo "maybeid: ".$maybeid;
echo "maybenick:". $maybenick;
// got rid of the if statement
  while ($check->fetch()) {
    echo "maybeid: ".$maybeid;
    echo "maybenick:". $maybenick;
    if ($maybenick==$nickname){

     echo "Hooray!";
    }
  } 

但是...为什么要担心呢? :)

But ... why is it worrking? :)

推荐答案

尝试一下(使用从prepare返回的语句对象):

Try this (use a statement object returned from prepare):

<?php
 $previous_entries = new mysqli($db_host, $db_username, $db_password, $database);
 $check = $previous_entries->prepare("SELECT ID,NICK FROM users WHERE EMAIL=?;");
 $check->bind_param("s",$email);
 $check->execute();
 $check->bind_result($maybe_id,$maybe_got_something);
 if($check->num_rows > 0){
  while ($check->fetch()) {
    if ($maybe_got_something==$nickname){
     echo "Hooray!";
    }
  } 
}
?>

这篇关于预处理语句适用于INSERT，但不适用于SELECT的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！