我有个问你们.我正试图让我尽可能安全地运行
MySQL.我现在想知道在准备好语句,绑定参数并执行语句之后是否可以使用MysqLi获取对象.
例:
$sql = $MysqLi->prepare('SELECT * FROM users WHERE username = ?;'); $sql->bind_param('s',$username); $username = 'RastaLulz'; $sql->execute(); $object = $sql->fetch_object(); echo $object->mail;
我收到以下错误:
Fatal error: Call to a member function fetch_object() on a non-object in C:\xampp\htdocs\ProCMS\DevBestCMS\inc\global\class.MysqL.PHP on line 23
但是,当我添加“$sql-> result_Metadata();”我没有收到错误,但它没有返回结果(它只是NULL).
$sql = $MysqLi->prepare('SELECT * FROM users WHERE username = ?;'); $sql->bind_param('s',$username); $username = 'RastaLulz'; $sql->execute(); $result = $sql->result_Metadata(); $object = $result->fetch_object(); echo $object->mail;
这是你如何在不绑定参数的情况下完成的:
$sql = $MysqLi->query("SELECT * FROM users WHERE username = 'RastaLulz';"); $object = $sql->fetch_object(); echo $object->mail;
这是我当前的MysqL类 – 只需要让execute函数正常工作.
http://uploadir.com/u/lp74z4
任何帮助是,将不胜感激!
我只是在我的数据库类中挖出来,这就是我的工作方式.老实说,我不记得为什么我需要这样做,可能有更好的方法.但如果它对你有所帮助就是代码.我依稀记得因为没有一种简单的方法将你的结果作为一个对象而烦恼.
// returns an array of objects public function stmtFetchObject(){ $rows=array(); //init // bind results to named array $Meta = $this->stmt->result_Metadata(); $fields = $Meta->fetch_fields(); foreach($fields as $field) { $result[$field->name] = ""; $resultArray[$field->name] = &$result[$field->name]; } call_user_func_array(array($this->stmt,'bind_result'),$resultArray); // create object of results and array of objects while($this->stmt->fetch()) { $resultObject = new stdClass(); foreach ($resultArray as $key => $value) { $resultObject->$key = $value; } $rows[] = $resultObject; } return $rows; }