我试图将我的代码从
mysql更改为msqli预处理语句.我不知道如何调整我目前工作的代码以检查数据库中是否已有电子邮件.以下是我目前正在使用的代码.如何将其更改为准备好的语句并获得相同的结果?
//if email is equal to an email already in the database,display an error message if(MysqL_num_rows(MysqL_query("SELECT * FROM users WHERE email = '".MysqL_real_escape_string($_POST['email'])."'"))) { echo "<p class='red'>Email is already registered with us</p>"; } else { // missing code? }
应该是这样的:
// create MysqLi object $MysqLi = new MysqLi(/* fill in your connection info here */); $email = $_POST['email']; // might want to validate and sanitize this first before passing to database... // set query $query = "SELECT COUNT(*) FROM users WHERE email = ?" // prepare the query,bind the variable and execute $stmt = $MysqLi->prepare( $query ); $stmt->bind_param( 's',$email ); $stmt->execute() // grab the result $stmt->store_result(); // get the count $numRows = $stmt->num_rows(); if( $numRows ) { echo "<p class='red'>Email is already registered with us</p>"; } else { // .... }
此链接也可以帮助您:
http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php