-3

我想将下面的 MySQL 查询更改为 MySQLi(prepared statements),但我不知道该怎么做,因为它有多行可供选择。谁能指出我正确的方法。

$check_added_files = mysql_query("select * from `vpb_uploads` where `username` = '".mysql_real_escape_string($username)."' and `firstname` = '' and `image_one` != '' and `image_two` != '' and `image_three` != '' and `image_four` != '' and `image_five` != ''");
        if(mysql_num_rows($check_added_files) == 1)
        {
            echo 'up_to_five_already';
        }
4

3 回答 3

2

正确的方法是将其更改为PDO

$sql = "select * from vpb_uploads where username=? and firstname=''
        and image_one != '' and image_two != '' and image_three != '' 
        and image_four != '' and image_five != ''";
$stm = $pdo->prepare($sql);
$stm->execute(array($username));
$files = $stm->fetchAll();
于 2013-03-27T16:03:09.037 回答
0

Mysqli 在经典的 mysql api 上提供了面向对象的接口。它还支持事务、prepared Statement、多个语句。

如果你想获取行作为对象,你可以看看这个http://www.php.net/manual/en/mysqli-result.fetch-object.php

如果你想获取行作为关联数组,那么你可以看看http://www.php.net/manual/en/mysqli-result.fetch-assoc.php

于 2013-03-27T16:03:55.143 回答
-1

这很简单,我不知道为什么每次我问问题都会被拒绝。

$mysqli = new mysqli("localhost", "root", "", "database");
    if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
    }

 $username = $_SERVER['REMOTE_ADDR']; 
    $stmt = $mysqli->prepare("select * from `vpb_uploads` where `username` = ? and `firstname` = '' and `image_one` != '' and `image_two` != '' and `image_three` != '' and `image_four` != '' and `image_five` != ''");
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->store_result();

    if ($stmt->num_rows == 1) {

    echo 'up_to_five_already';
    }
于 2013-03-27T21:58:04.687 回答