mysqli bind variables

末鹿安然 submitted on 2020-01-06 04:51:07

Question


I have this partial code:

    if ($getRecords = $con->prepare("SELECT * FROM AUCTIONS WHERE ARTICLE_NO = ?"))
    {
        $getHtml = $con->prepare("SELECT ARTICLE_DESC FROM AUCTIONS WHERE ARTICLE_NO = ?");
        $getHtml->bind_param("i", $pk);
        $getHtml->execute();
        $getHtml->bind_result($ARTICLE_DESC);

        $getRecords->bind_param("i", $pk);
        $getRecords->execute();
        $getRecords->bind_result($ARTICLE_NO, $ARTICLE_NAME, $SUBTITLE, $CURRENT_BID, $START_PRICE, $BID_COUNT, $QUANT_TOTAL, $QUANT_SOLD, $ACCESSSTARTS, $ACCESSENDS, $ACCESSORIGIN_END, $USERNAME, $BEST_BIDDER_ID, $FINISHED, $WATCH, $BUYITNOW_PRICE, $PIC_URL, $PRIVATE_AUCTION, $AUCTION_TYPE, $ACCESSINSERT_DATE, $ACCESSUPDATE_DATE, $CAT_DESC, $CAT_PATH, $COUNTRYCODE, $LOCATION, $CONDITIONS, $REVISED, $PAYPAL_ACCEPT, $PRE_TERMINATED, $SHIPPING_TO, $FEE_INSERTION, $FEE_FINAL, $FEE_LISTING, $PIC_XXL, $PIC_DIASHOW, $PIC_COUNT, $ITEM_SITE_ID);

Which otherwise runs OK, however I get an error:

Number of bind variables doesn't match number of fields in prepared statement

On the last line I posted.

I am not sure what the problem is. I want to use some columns separately, e.g. ARTICLE_DESC. Does this mean I cannot use select *, and must put in each of the column names in the query?

Edit: Is it necessary to bind? Are there security or performance advantages to be gained? Can I just as well do without?


Answer 1:


Really you should be setting the names of the columns rather than using *.

This way, you will know exactly which columns to pass to the bind_result method.




Answer 2:


If you are binding results, you should not be doing this with a wildcard in your SQL query. Think of what would happen if a column was added or removed from the table you are binding.
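
The following is an added example, not part of the original question or answers. It shows one way to follow the advice above: an explicit column list whose length is checked against the statement's field count before `bind_result`, with `$pk` passed as a bound parameter so it never becomes part of the SQL text. The function name `fetchAuction`, the choice of four columns, and the connection values in the usage comment are assumptions made for illustration.

```php
<?php
// Added example: table and column names come from the question; the
// function name and the connection values below are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/**
 * Fetch a few named columns for one auction.
 * Returns an associative array, or null when no row matches.
 */
function fetchAuction(mysqli $con, int $pk): ?array
{
    // Explicit column list: the result set has exactly these fields,
    // whatever columns are later added to or dropped from AUCTIONS.
    $columns = ['ARTICLE_NO', 'ARTICLE_NAME', 'CURRENT_BID', 'ARTICLE_DESC'];
    $sql = 'SELECT ' . implode(', ', $columns)
         . ' FROM AUCTIONS WHERE ARTICLE_NO = ?';

    $stmt = $con->prepare($sql);

    // $pk travels as a typed parameter ("i" = integer), never as SQL text.
    $stmt->bind_param('i', $pk);
    $stmt->execute();

    // Guard against the error from the question: the number of result
    // fields must equal the number of variables given to bind_result().
    if ($stmt->field_count !== count($columns)) {
        $stmt->close();
        throw new RuntimeException('Result has ' . $stmt->field_count
            . ' fields, expected ' . count($columns));
    }

    $stmt->bind_result($articleNo, $articleName, $currentBid, $articleDesc);

    $row = null;
    if ($stmt->fetch()) {
        $row = array_combine(
            $columns,
            [$articleNo, $articleName, $currentBid, $articleDesc]
        );
    }
    $stmt->close();
    return $row;
}

// Usage (placeholder credentials, constructed article number):
// $con = new mysqli('localhost', 'db_user', 'db_password', 'auction_db');
// var_dump(fetchAuction($con, 12345));
```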



Source: https://stackoverflow.com/questions/495496/mysqli-bind-variables
