-2

以前在即将被弃用的普通 mysql 函数中,我有:

    // On first connect to database, create a user to hold data for users not logged in
    if (mysql_num_rows(mysql_query("SELECT id FROM users WHERE id=1")) === 0) {
        mysql_query("INSERT INTO users(id,username,email,password) VALUES(1,'anonymous','anonymous','" . password_hash("noidentity", PASSWORD_BCRYPT) . "')");
    }

这就是我现在所拥有的,试图完成同样的事情:

    // On first connect to database, create a user to hold data for users not logged in
    $stmt = $db->prepare("SELECT id FROM users WHERE id = ?");
    $stmt->execute(1);
    $stmt->store_result();
    if ($stmt->num_rows == 0) {
        $stmt = $db->prepare("INSERT INTO users (id, username, email, password) VALUES (?, ?, ?, ?)");
        $stmt->execute(1, 'anonymous', 'anonymous', password_hash("noidentity", PASSWORD_BCRYPT));
    }

我不断收到错误“警告:mysqli_stmt::execute() 期望正好 0 个参数,给定 1”似乎它期望 1,因为我有 1 个问号,但我显然做错了什么。

我对以下那些做对了吗?

$stmt = $db->prepare("UPDATE users SET wins = wins + 1 WHERE id = ?");
$stmt->execute($_SESSION["id"]);

我应该有吗?为胜利=部分?如果是这样,如果它取决于那里的当前值,我将如何填写该值?

关于什么:

$stmt = $db->prepare("SELECT id, username, password FROM users WHERE email = ?");
$stmt->execute($email);
$row = $stmt->fetch();

if (password_verify($password, $row["password"])) {

我在那儿做吗?

出于安全目的,我只是试图掌握这些准备好的陈述,并发现它有点困难。

4

1 回答 1

2

使用此代码,您必须使用bind_param来设置数据。

$stmt = $db->prepare("SELECT id FROM users WHERE id = ?");
$stmt->bind_param('i', 1);
$stmt->execute();
于 2013-02-21T04:25:40.167 回答