【发布时间】:2016-12-16 20:21:47
【问题描述】:
我想用准备好的语句创建一个简单的选择,但结果我只是得到 NULL :(当我在没有准备好的语句的情况下这样做时一切正常。
<?php
class DbHandler{
public function select($columns, $table_name, $alias, $where, $order){
//echo(phpinfo());
$db = new mysqli("localhost", "root", "", "superhelden");
if(!$db){
exit("Verbindungsfehler: ".mysqli_connect_error());
}
if(empty($columns)){
$columns = "*";
trigger_error("No columns chosen. Value set to *.", E_USER_WARNING);
} else{
$prepColumns = $columns;
}
if(empty($table_name)){
trigger_error("Tablename must not be empty.", E_USER_ERROR);
}
if(empty($where)){
trigger_error("WHERE is empty so no conditions are set. All entries will be selected.", E_USER_WARNING);
}
//I don't know why but I can't use a param for the tablename
$query = "SELECT ? FROM $table_name";
if(!empty($alias)){
$query .= " AS ?";
}
if(!empty($where)){
$query .= " WHERE ?";
}
//This is working..
$query1 = "SELECT name FROM karten WHERE name='Fausthieb'";
$res = $db->query($query1);
while($row = $res->fetch_assoc()){
echo($row["name"] . "<br>");
}
//.... :(
if(empty($order)){
//Show created query
echo("$query || ");
if($prep = $db->prepare($query)){
if(!empty($alias)){
if(!empty($where)){
$prep->bind_param("sss", $prepColumns, $alias, $where);
} else{
$prep->bind_param("ss", $prepColumns, $alias);
}
} else if(!empty($where)){
//Show params of function
echo("columns: $prepColumns || ");
echo("Where: $where || ");
$prep->bind_param("ss", $prepColumns, $where);
} else {
$prep->bind_param("s", $prepColumns);
}
// print_r($prep->result_metadata());
// echo(var_dump($prep));
$prep->execute();
var_dump($prep->error);
echo(" || ");
$prep->bind_result($result);
$prep->fetch();
echo(gettype($result));
$prep->close();
}else{
var_dump($db->error);
}
} else {
$query .= " ORDER BY ?";
if($prep = $db->prepare($query)){
if(!empty($alias)){
if(!empty($where)){
$prep->bind_param("ssss", $prepColumns, $alias, $where, $order);
} else{
$prep->bind_param("sss", $prepColumns, $alias, $order);
}
} else if(!empty($where)){
$prep->bind_param("sss", $prepColumns, $where, $order);
} else {
$prep->bind_param("ss", $prepColumns, $order);
}
$prep->execute();
$prep->bind_result($result);
$prep->fetch();
echo($result);
$prep->close();
}else{
var_dump($db->error);
}
}
}
}
?>
这段代码正在调用我的选择函数:
include("DbHandler_dominic.php");
$test = new DbHandler();
$test->select("name", "karten", "", "name='Fausthieb'", "");
?>
然后我得到了这个,它工作得很好。
<?php
include("dbconnect.php");
$pepper = "KratzigeStirn?!";
$username = $_POST["username"];
$prep = $db->prepare("SELECT name FROM spieler WHERE name=?");
$prep->bind_param("s", $username);
$prep->execute();
$prep->bind_result($user);
$prep->fetch();
$prep->close();
$email = $_POST["email"];
$prep = $db->prepare("SELECT email FROM spieler WHERE email=?");
$prep->bind_param("s", $email);
$prep->execute();
$prep->bind_result($mail);
$prep->fetch();
$prep->close();
if($user == "" && $mail == ""){
$password = password_hash($_POST["password"].$pepper, PASSWORD_BCRYPT);
$prep = $db->prepare("INSERT INTO spieler(name, passwort, email) VALUES(?, ?, ?)");
$prep->bind_param("sss", $username, $password, $email);
$prep->execute();
$prep->close();
} else if($user == $username){
echo "Benutzer existiert schon..";
} else if($mail == $email){
echo "E-Mail bereits vergeben..";
}
$db->close();
?>
有什么区别?我该怎么做才能让 SELECT 工作:/
我的数据库图表和表格属性:
如果我忘记了任何需要的信息,请告诉我,我会尽可能补充:)
【问题讨论】:
-
您不能将占位符用于表名或列名,只能用于值。
-
哦,好吧,但为什么我没有收到错误消息?
-
您的查询在语法上没有任何问题,只是不会做您想做的事。它将参数视为文字字符串。所以它变成了
SELECT 'name' FROM karten WHERE "name='Fausthieb'"。 -
谢谢!这帮助很大:)
标签: php mysqli prepared-statement mariadb bindparam