提问人:mwaseema 提问时间:9/9/2013 更新时间:3/3/2014 访问量:1862
如何在使用 mysqli prepare 时获取 assoc 数组
How to fetch assoc array while using mysqli prepare
问:
为了确保我的数据库是安全的,我使用了 prepare 语句。这是我的代码:
//connecting to MySql database
$con=mysqli_connect("host","user","pass","dbname");
// checking database connection
if (mysqli_connect_errno($con)){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$stmt = mysqli_prepare($con,"SELECT * FROM `table` WHERE emb=? LIMIT 1");
mysqli_stmt_bind_param($stmt, 's', $emb);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
现在我想知道如何使用 ASSOC fetch 数组
$embInfo = mysqli_fetch_array($stmt, MYSQLI_ASSOC);
我想要这个,这样我就可以把下面这样的东西来获取值
$embInfo['name']
和
$embInfo['email']
答:
-3赞
Sushruth Siv
9/9/2013
#1
我可以提出一个替代方案吗?
{
$server = '';
$user = '';
$pass = '';
$db = '';
// connect to the database
$mysqli = new mysqli($server, $user, $pass, $db);
// show errors (remove this line if on a live site)
mysqli_report(MYSQLI_REPORT_ERROR);
$club=$_POST'club'];
$sql = "SELECT * FROM players WHERE club = '$club'";
$result=mysqli_query($mysqli,$sql);
while($row = mysqli_fetch_array($result))
{
echo $row['player'];
}
}
评论
0赞
mwaseema
9/9/2013
但我认为这是不安全的。SQL注入可以通过此代码销毁数据库。这就是我尝试使用准备好的语句的原因。
0赞
Sushruth Siv
9/9/2013
$club = mysql_real_escape_string($_POST['club']);尝试使用这个
0赞
mwaseema
9/9/2013
@sushruth-sv 真正的转义字符串已过时,您建议已弃用 mysql。我不明白你想说什么。您应该知道,如今准备该方法是最安全的。
0赞
Tomer W
10/16/2014
更安全,更快,因为MySQL引擎能够重用其旧的执行计划进行连续查询
-1赞
user3135626
3/3/2014
#2
试试这个:
//connecting to MySql database
$con=mysqli_connect("host","user","pass","dbname");
// checking database connection
if (mysqli_connect_errno($con)){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$stmt = mysqli_prepare($con,"SELECT * FROM `table` WHERE emb=? LIMIT 1");
mysqli_stmt_bind_param($stmt, 's', $emb);
mysqli_stmt_execute($stmt);
while($embInfo = mysqli_fetch_array($stmt, MYSQLI_ASSOC)){
echo 'My name is '.$embInfo['name'].'and my email is '.$embInfo['email'].'<br/>';
}
mysqli_stmt_close($stmt);
上一个:创建动态 WHERE 子句时出错
评论
mysqli-stmt.get-result