我有一个在应用程序中正常工作的旧 mysql 代码:
$query = "
SELECT * FROM Tutor t
WHERE
(t.Tutorusername = '".mysql_real_escape_string($tutorusername)."')
AND
(t.Tutorpassword = '".mysql_real_escape_string($tutorpassword)."')
";
$num = mysql_num_rows($result = mysql_query($query));
while($row = mysql_fetch_array($result))
{
...
}
但我现在想从 Mysql 更改为使用 mysqli。我的问题是下面的 mysqli 代码是否完全正确并且与上面的 mysql 代码相同?
$query = $mysqli->prepare("
SELECT * FROM Tutor t
WHERE
(t.Tutorusername = '".mysqli_real_escape_string($tutorusername)."')
AND
(t.Tutorpassword = '".mysqli_real_escape_string($tutorpassword)."')
");
$query->bind_result($Tutor);
$num = $query->num_rows($result = $query->execute());
while($row = $result->fetch())
{
...
}