【发布时间】:2019-01-09 08:09:29
【问题描述】:
我正在使用下面的代码从我的数据库中获取与用户输入的年份和月份相匹配的数据。
连接:
class ConnectDB{
private $servername;
private $username;
private $password;
private $dbname;
protected function connect(){
$this->servername ="localhost";
$this->username ="root";
$this->password ="";
$this->dbname ="dbexpense";
$conn = new mysqli($this->servername,$this->username,$this->password,$this->dbname);
if($conn -> connect_error) {
die("connection failed:".$conn-> connect_error);
}
return $conn;
}
}
提取数据的类:
<?php
class SelectAMonthGet extends ConnectDB {
var $year;
var $month;
function __construct( ){
$this->year = $_POST['year'];
$this->month = $_POST['analyze_options_month'];
}
protected function SelectAMonthGetData(){
$year = $this->year;
$month = $this->month;
$sql = $this->connect()->prepare("SELECT * FROM wp_myexpenses WHERE YEAR(date) = ? AND MONTH(date) = ? order by date,id");
$sql->bind_param("ss",$year,$month);
$result = $sql ->execute();
$numRows = $result->num_rows;
if($numRows > 0) {
while ($row = $result->fetch_assoc()){
$data[] = $row;
}
return $data;
}
}
}
?>
但即使数据库中有数据,它也没有显示任何结果。
当我使用没有准备好的语句的代码时,我能够得到一个结果,如下所示:
没有准备好的语句的代码(工作):
class SelectAMonthGet extends ConnectDB {
var $year;
var $month;
function __construct( ){
$this->year = $_POST['year'];
$this->month = $_POST['analyze_options_month'];
}
protected function SelectAMonthGetData(){
$year = $this->year;; $month = $this->month;
$sql = "SELECT * FROM wp_myexpenses WHERE YEAR(date) = '$year' AND MONTH(date) = '$month' order by date,id";
$result = $this->connect()->query($sql);
$numRows = $result->num_rows;
if($numRows > 0) {
while ($row = $result->fetch_assoc()){
$data[] = $row;
}
return $data;
}
}
}
?>
我想使用准备好的语句来避免 SQL 注入。我无法理解我的代码有什么问题?有人可以在这里指导我吗?
更新: 正如 ADyson 在 cmets 中所建议的那样,启用了错误报告。它给出以下错误:
Notice: Trying to get property of non-object in **** on line 34
第 34 行:
$numRows = $result->num_rows;
更新:
将代码更改为包含 get_result(),如下所示
protected function SelectAMonthGetData(){
$year = $this->year;
$month = $this->month;
$sql = $this->connect()->prepare("SELECT * FROM wp_myexpenses WHERE YEAR(date) = ? AND MONTH(date) = ? order by date,id");
$sql->bind_param("ss",$year,$month);
$sql ->execute();
$result = $sql->get_result();
$numRows = $result->num_rows;
if($numRows > 0) {
while ($row = $result->fetch_assoc()){
$data[] = $row;
}
return $data;
}
}
但现在它给出错误:
Fatal error: Uncaught Error: Call to undefined method mysqli_stmt::get_result() in ****:28
在检查一些解决方案后,错误是由于未启用 mysqlnd 驱动程序。在我的情况下这是真的。 是否有任何替代解决方案来获得它?
【问题讨论】:
-
在 Query 中使用 SELECT * 不是一个好习惯。
-
是否检查了 $year 和 $month 的值?
-
@UmarAbdullah:是的。我检查了 $year 和 $month 的值。它按预期显示。 var_dump 数据:字符串(4)“2019”字符串(1)“1”
-
试试 instedof ss ii
-
@HamzaNig:是的,我用 ii 试过,但没有运气
标签: php mysql prepared-statement