由于未安装 MySQLnd,MySQLi 准备好的语句显示错误 [英] MySQLi prepared statements displaying error because of MySQLnd not installed
问题描述
我正在使用此代码在 MySQLi 中运行 select 语句
I am using this code to run a select statement in MySQLi
$stmt = $mysqli->prepare('SELECT * FROM admin WHERE forename = ? and surname = ? ');
$stmt->bind_param('vv', $forename, $surname);
$foremame = "Forename";
$surname = "Surname";
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
echo $row["sequence"];
}
$stmt -> close();
$mysqli -> close();
但我收到了一个致命错误:
But I am getting a fatal error saying:
Fatal error: Call to undefined method mysqli_stmt::get_result()
因为我没有安装 MySQLnd 但我无法安装它,因为我使用的是共享 Web 服务器,而主机不会安装它.
Because I do not have MySQLnd installed but I cannot install it as I am using a shared web server and the host will not install it.
如何在不安装 MySQLnd 的情况下使用 MySQLi 准备好的语句,因为我想防止 SQL 注入攻击
How can I use a MySQLi prepared statement without having to have MySQLnd installed as I want to prevent SQL injection attacks
推荐答案
可以使用 $stmt->bind_result()
将结果绑定到变量,然后 $stmt->;fetch()
将结果提取到绑定变量中.
You can use $stmt->bind_result()
to bind the results to variables, then $stmt->fetch()
to fetch the results into the bound variables.
$stmt->execute();
$stmt->bind_result($var1, $var2, $var3, ...); // Use more meaningful variable names
while ($stmt->fetch()) {
echo $var3; // to get the third column in the results
}
我强烈建议在 SELECT
子句中明确列出列名称,而不是 *
,因为这种访问结果的方法取决于列的特定顺序.
I strongly recommend listing the colum names explicitly in the SELECT
clause, rather than *
, since this method of accessing the results is dependent on the specific order of the columns.
这篇关于由于未安装 MySQLnd,MySQLi 准备好的语句显示错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!