由于未安装 MySQLnd，MySQLi 准备好的语句显示错误 [英] MySQLi prepared statements displaying error because of MySQLnd not installed

问题描述

我正在使用此代码在 MySQLi 中运行 select 语句

I am using this code to run a select statement in MySQLi

$stmt = $mysqli->prepare('SELECT * FROM admin WHERE forename = ? and surname = ? ');
$stmt->bind_param('vv', $forename, $surname);

$foremame = "Forename";
$surname = "Surname";

$stmt->execute();

$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
    echo $row["sequence"];
}
$stmt -> close();
$mysqli -> close();

但我收到了一个致命错误:

But I am getting a fatal error saying:

Fatal error: Call to undefined method mysqli_stmt::get_result()

因为我没有安装 MySQLnd 但我无法安装它，因为我使用的是共享 Web 服务器，而主机不会安装它.

Because I do not have MySQLnd installed but I cannot install it as I am using a shared web server and the host will not install it.

如何在不安装 MySQLnd 的情况下使用 MySQLi 准备好的语句，因为我想防止 SQL 注入攻击

How can I use a MySQLi prepared statement without having to have MySQLnd installed as I want to prevent SQL injection attacks

推荐答案

可以使用 $stmt->bind_result() 将结果绑定到变量，然后 $stmt->;fetch() 将结果提取到绑定变量中.

You can use $stmt->bind_result() to bind the results to variables, then $stmt->fetch() to fetch the results into the bound variables.

$stmt->execute();
$stmt->bind_result($var1, $var2, $var3, ...); // Use more meaningful variable names

while ($stmt->fetch()) {
    echo $var3; // to get the third column in the results
}

我强烈建议在 SELECT 子句中明确列出列名称，而不是 *，因为这种访问结果的方法取决于列的特定顺序.

I strongly recommend listing the colum names explicitly in the SELECT clause, rather than *, since this method of accessing the results is dependent on the specific order of the columns.

这篇关于由于未安装 MySQLnd，MySQLi 准备好的语句显示错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！