Performance or security differences between mysqli get_result and bind_result?

给你一囗甜甜゛ submitted on 2019-12-10 10:07:09

Question


What's the point for PHP developers to create the function bind_result, as it seems get_result works fine too?

if($stmt=$mysqli->prepare("SELECT member_ID FROM members where hair=? and hand=?")){
    if($stmt->bind_param('ss',$hair,$hand)){
        if($stmt->execute()){
            $result=$stmt->get_result();
            while($line=$result->fetch_assoc()){
                echo $line['member_ID'];
            }
            // ------------ versus -------------------
            // $stmt->store_result();
            // $stmt->bind_result($member_ID);
            // while($stmt->fetch()){
            //  echo $member_ID;
            // }
        }
    }
}

It seems that (I'm guessing) PHP developers themselves prefer $stmt->fetch() since this function came out earlier, but why $stmt->fetch()? It doesn't seem to be for the reason of the variable name difference between $row['member_ID'] and $member_ID.


Answer 1:


Some programmers like to assign each element of the associative array to a regular variable, so they can use them less verbosely. Using bind_result does this automatically for you, and you don't have to repeat it each time through the fetch loop.

It's basically just a stylistic choice. IMHO, the main problem with bind_result is that you have to make sure to keep the order of the arguments in sync with the select list. This is also true for bind_param (which is why PDO allows :name parameters, to solve this), but the benefits outweigh it.




Answer 2:


There is no security risk with returning strings from a database (with the correct validations depending on what you are returning).

get_result() makes it easier to return a pre-created array from the statement.

bind_result() makes it easy to work with the values you wish to work with.

Essentially, it's all down to what the developer prefers to work with: variables or seeking an array. They both perform the same task; just using bind_result takes away a line of code to fetch the array type.
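
Added example (not code from the question or either answer): both fetch styles behind one helper, showing the positional coupling of bind_result that Answer 1 mentions and the output encoding that Answer 2's "correct validations" implies when the values are echoed into HTML. The `name` column, the connection settings and the helper names `h` and `findMembers` are assumptions made for illustration.

```php
<?php
// Added example. `members`, `member_ID`, `hair` and `hand` come from the question;
// the `name` column, credentials and helper names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of failing silently

function h($value): string
{
    // Encode a database value before writing it into an HTML page.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function findMembers(mysqli $mysqli, string $hair, string $hand): array
{
    $stmt = $mysqli->prepare('SELECT member_ID, name FROM members WHERE hair = ? AND hand = ?');
    $stmt->bind_param('ss', $hair, $hand); // parameters are bound the same way in both styles
    $stmt->execute();

    $rows = [];
    if (method_exists($stmt, 'get_result')) {
        // get_result() exists only when mysqli is built on the mysqlnd driver.
        // Columns are keyed by name, so reordering the SELECT list is harmless.
        $result = $stmt->get_result();
        while ($row = $result->fetch_assoc()) {
            $rows[] = $row;
        }
    } else {
        // bind_result() is positional: the variables must follow the SELECT list
        // order, otherwise the values land in the wrong variables without an error.
        $stmt->store_result();
        $stmt->bind_result($memberId, $name);
        while ($stmt->fetch()) {
            $rows[] = ['member_ID' => $memberId, 'name' => $name];
        }
    }
    $stmt->close();
    return $rows;
}

// Placeholder connection settings; replace with your own.
$mysqli = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
foreach (findMembers($mysqli, 'brown', 'left') as $member) {
    echo h($member['member_ID']), ' ', h($member['name']), "<br>\n";
}
```

Either branch returns the same array shape, so the choice between the two calls affects readability and driver portability, not how the query parameters are protected.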



Source: https://stackoverflow.com/questions/18283960/performance-or-security-differences-between-mysqli-get-result-and-bind-result
