问题
I am learning Mysqli ( come from Mysql ).
I as far as I understood, the advantage of using prepared statements is to prevent SQL injections.
I managed to build queries with prepared statments using SELECT and INSERT.
But to achieve the equivalent of select count() , and I'm banging my head against the wall.
The PHP manual gives:
if ($result = mysqli_query($link, "SELECT Code, Name FROM Country ORDER BY Name")) {
/* determine number of rows result set */
$row_cnt = mysqli_num_rows($result);
printf("Result set has %d rows.\n", $row_cnt);
/* close result set */
mysqli_free_result($result);
}
I trying to do this with prepared statement too. But maybe I shoudn't ?
This is what I'm trying:
$boy = 'yes';
$age = 1;
$result = mysqli_prepare ($bdd, 'SELECT boy , age FROM photo WHERE boy = ? AND age= ?' );
mysqli_stmt_bind_param( $result, "si", $boy , $age );
mysqli_stmt_execute( $result );
$row_cnt = mysqli_num_rows( $result );
printf( "Le jeu de résultats a %d lignes.\n", $row_cnt );
But I always get the same type of error whatever I'am trying
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, object given in C:\wamp\www\page.com\pic.php on line 36
Thanks for your help.
回答1:
I think you're looking for mysqli_stmt_num_rows in combination with mysqli_stmt_store_result - http://www.php.net/manual/en/mysqli-result.num-rows.php
<?php
$boy = 'yes';
$age = 1;
$result = mysqli_prepare ($bdd, 'SELECT boy , age FROM photo WHERE boy = ? AND age= ?' );
mysqli_stmt_bind_param( $result, "si", $boy , $age );
mysqli_stmt_execute( $result );
// You may need this too...
mysqli_stmt_store_result( $result );
$row_cnt = mysqli_stmt_num_rows( $result );
printf( "Le jeu de résultats a %d lignes.\n", $row_cnt );
?>
来源:https://stackoverflow.com/questions/14992356/mysqli-num-rows-fails-with-prepared-statement-procedural-style