mysqli

问题 As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 6 years ago . I am working on a website which is very MySQL DB driven. So I have a lot of queries going on. In this topic everyone recommends to

问题 As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 6 years ago . I am working on a website which is very MySQL DB driven. So I have a lot of queries going on. In this topic everyone recommends to

问题 I am trying to learn how to use prepared statements with MySQLi to insert data. Even though prepared statements are lauded for their ability to efficiently execute similar statements repeatedly, I can't seem to find examples of executing multiple statements in a loop using MySQLi. I'm especially confused about the following : whether to call bind_param before my loop or inside my loop whether to assign values to my variables before or after the call to bind_param Most tutorials on prepared

问题 I have a stored procedure IsUserPresent like: DELIMITER $$ CREATE PROCEDURE IsUserPresent( in userid varchar (150), out isPresent bit ) BEGIN SET isPresent=0; SELECT COUNT(*) INTO isPresent FROM users_table WHERE users_table.userid=userid; END$$ and I want to call it from PHP using mysqli prepared statement. I am doing it following code snippet but it gives me warning. $connect=&ConnectDB(); $stmt=$connect->prepare("CALL IsUserPresent(?,?)"); $stmt->bind_param('si',$uid,$userCount); $stmt-

问题 This question already has answers here : Mysqli query doesn't work twice (2 answers) Closed 2 years ago . I'm retrieving some data from a mysql database. There are two loops which uses the same result set. while ($row = mysqli_fetch_array($newsQuery)) { echo "<a href='news-article.php?articleId=" .$row["news_id"]."' class='list-group-item active'>".$row["news_title"]."</a>"; } This loop ends with success. then in the same page I have the following loop. while ($row = mysqli_fetch_array(

问题 Here is my case: $sql = 'UPDATE user SET password = ? WHERE username = ? AND password = ?'; if($stmt->prepare($sql)) { $stmt->bind_param('sss', $newPass, $_SESSION['username'], $oldPass); $stmt->execute(); } Now, how can I see if the UPDATE query is successfully executed? And more precisely how can I see if the old password and username are correct so that I can store the new password? I've tried by doing this: $res = $stmt->execute(); echo 'Result: '.$res; But I always get: Result: 1 even if

问题 I want to eliminate sql injection, should I use mysqli_real_escape_string() or is it clear in mysqli? For example $nick = mysqli_real_escape_string($_POST['nick']) 回答1: You should use prepared statements and pass string data as a parameter but you should not escape it. This example is taken from the documentation: /* create a prepared statement */ if ($stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")) { /* bind parameters for markers */ $stmt->bind_param("s", $city); /*

问题 Update for CodingBiz: I'm putting this in my code: for($i=1;$i<=$numRows;$i++) { $output .= '<tr>'; $row = $this->fetchAssoc($result); $colRow = $this->fetchAssoc($colResult); foreach($colRow as $colName) { $output .= "<td>".$row[$colName]."</td>"; } $output .= '</tr>'; } in place of for($i=1;$i<=$numRows;$i++) { $output .= '<tr>'; $row = $this->fetchAssoc($result); for($j=1;$j<=$colNumRows;$j++) { $colRow = $this->fetchAssoc($colResult); $output .= "<td>".$row[$colRow["COLUMN_NAME"]]."</td>"

问题 What are the advantages of using prepared statements with MySQLi? If the only purpose is to secure the query, isn't it better to clean the query using something like mysqli_real_escape_string instead of writing so many lines of code for each query (like prepare, bind_param, execute, close etc.)? 回答1: Preparing statements is not just for code security. It helps the SQL server parse your statement and generate an execution plan for your query. If you run a SELECT 1000 times then the SQL server

问题 I have a php-mysqli code that works find one my local server but on using it on my server i am getting a Fatal error: Call to undefined function mysqli_fetch_all() in /home3/t561257/public_html/admin/database.php on line 49 The following part of the code is where the problem is. function fetch_rows($queryname) { $result = $this->connection->query($queryname); $row = mysqli_fetch_all($result, MYSQLI_ASSOC); return $row; } I use it in the following manner $next_four_rows = $db_link->fetch_rows(