2016-12-16 50 views
-2

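When I try to create a simple SELECT with a prepared statement, the result I get is just NULL :( When I do it without a prepared statement everything works fine. No result when using a prepared statement.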

<?php 
    class DbHandler{ 
    public function select($columns, $table_name, $alias, $where, $order){ 
     //echo(phpinfo()); 

     $db = new mysqli("localhost", "root", "", "superhelden"); 
     if(!$db){ 
     exit("Verbindungsfehler: ".mysqli_connect_error()); 
     } 

     if(empty($columns)){ 
     $columns = "*"; 
     trigger_error("No columns chosen. Value set to *.", E_USER_WARNING); 
     } else{ 
     $prepColumns = $columns; 
     } 

     if(empty($table_name)){ 
     trigger_error("Tablename must not be empty.", E_USER_ERROR); 
     } 

     if(empty($where)){ 
     trigger_error("WHERE is empty so no conditions are set. All entries will be selected.", E_USER_WARNING); 
     } 

     //I don't know why but I can't use a param for the tablename 
     $query = "SELECT ? FROM $table_name"; 

     if(!empty($alias)){ 
     $query .= " AS ?"; 
     } 

     if(!empty($where)){ 
     $query .= " WHERE ?"; 
     } 

     //This is working.. 
     $query1 = "SELECT name FROM karten WHERE name='Fausthieb'"; 
     $res = $db->query($query1); 
     while($row = $res->fetch_assoc()){ 
     echo($row["name"] . "<br>"); 
     } 
     //.... :(

     if(empty($order)){ 
     //Show created query 
     echo("$query || "); 
     if($prep = $db->prepare($query)){ 
      if(!empty($alias)){ 
      if(!empty($where)){ 
       $prep->bind_param("sss", $prepColumns, $alias, $where); 
      } else{ 
       $prep->bind_param("ss", $prepColumns, $alias); 
      } 
      } else if(!empty($where)){ 
      //Show params of function 
      echo("columns: $prepColumns || "); 
      echo("Where: $where || "); 
      $prep->bind_param("ss", $prepColumns, $where); 
      } else { 
      $prep->bind_param("s", $prepColumns); 
      } 
//   print_r($prep->result_metadata()); 
//   echo(var_dump($prep)); 
      $prep->execute(); 
      var_dump($prep->error); 
      echo(" || "); 
      $prep->bind_result($result); 
      $prep->fetch(); 
      echo(gettype($result)); 
      $prep->close(); 
     }else{ 
      var_dump($db->error); 
     } 
     } else { 
     $query .= " ORDER BY ?"; 
     if($prep = $db->prepare($query)){ 
      if(!empty($alias)){ 
      if(!empty($where)){ 
       $prep->bind_param("ssss", $prepColumns, $alias, $where, $order); 
      } else{ 
       $prep->bind_param("sss", $prepColumns, $alias, $order); 
      } 
      } else if(!empty($where)){ 
       $prep->bind_param("sss", $prepColumns, $where, $order); 
      } else { 
       $prep->bind_param("ss", $prepColumns, $order); 
      } 

      $prep->execute(); 
      $prep->bind_result($result); 
      $prep->fetch(); 
      echo($result); 
      $prep->close(); 
     }else{ 
      var_dump($db->error); 
     } 
     } 
    } 
    } 
?> 

This code calls my select function:

<?php 
include("DbHandler_dominic.php"); 

$test = new DbHandler(); 

$test->select("name", "karten", "", "name='Fausthieb'", ""); 

?> 

Then I have this one, which works just fine:

<?php 
    include("dbconnect.php"); 
    $pepper = "KratzigeStirn?!"; 

    $username = $_POST["username"]; 
    $prep = $db->prepare("SELECT name FROM spieler WHERE name=?"); 
    $prep->bind_param("s", $username); 
    $prep->execute(); 
    $prep->bind_result($user); 
    $prep->fetch(); 
    $prep->close(); 

    $email = $_POST["email"]; 

    $prep = $db->prepare("SELECT email FROM spieler WHERE email=?"); 
    $prep->bind_param("s", $email); 
    $prep->execute(); 
    $prep->bind_result($mail); 
    $prep->fetch(); 
    $prep->close(); 

    if($user == "" && $mail == ""){ 
    $password = password_hash($_POST["password"].$pepper, PASSWORD_BCRYPT); 

    $prep = $db->prepare("INSERT INTO spieler(name, passwort, email) VALUES(?, ?, ?)"); 
    $prep->bind_param("sss", $username, $password, $email); 

    $prep->execute(); 

    $prep->close(); 
    } else if($user == $username){ 
    echo "Benutzer existiert schon.."; 
    } else if($mail == $email){ 
    echo "E-Mail bereits vergeben.."; 
    } 

    $db->close(); 
?> 
What is the difference? And what can I do to make the SELECT work? :/

My DB diagram and table properties:

DB relationdiagram

Table properties

If I forgot any needed information, just tell me and I will add it if possible :)

+1

You can't use placeholders for table or column names, only for values. – Barmar

+0

Oh okay, but why don't I get an error then? – ultimate2106

+0

Your query has no syntax error, it just won't do what you want. It treats the parameters as literal strings. So it's like SELECT 'name' FROM karten WHERE 'name='Fausthieb''. – Barmar
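The point made in the comments above, as an added example that is not part of the original question or its comments: identifiers are checked against an allowlist and written into the SQL text, and only comparison values are bound to `?`. The `ALLOWED` map and the `buildSelect` and `runSelect` helpers are hypothetical names, the allowlist uses only the table and column names visible on this page, and WHERE is assumed to be a map of column to value joined with `AND`.

```php
<?php
// Added example, not the asker's code. ALLOWED is an assumption built from names
// visible on this page; spieler.passwort is deliberately not selectable.
const ALLOWED = [
    'karten'  => ['name'],
    'spieler' => ['name', 'email'],
];

// Returns [sql, values]. Identifiers never come from a placeholder: they must match
// the allowlist exactly before they are written into the statement text.
function buildSelect(array $columns, string $table, array $where = [], string $order = ''): array
{
    if (!array_key_exists($table, ALLOWED) || $columns === []) {
        throw new InvalidArgumentException("Unknown table or empty column list");
    }
    $check = function (string $col) use ($table): string {
        if (!in_array($col, ALLOWED[$table], true)) {
            throw new InvalidArgumentException("Unknown column: $col");
        }
        return "`$col`";
    };
    $sql = 'SELECT ' . implode(', ', array_map($check, $columns)) . " FROM `$table`";
    $conds = [];
    foreach (array_keys($where) as $col) {
        $conds[] = $check($col) . ' = ?';   // the value is bound later, not concatenated
    }
    if ($conds) {
        $sql .= ' WHERE ' . implode(' AND ', $conds);
    }
    if ($order !== '') {
        $sql .= ' ORDER BY ' . $check($order);
    }
    return [$sql, array_values($where)];
}

// Prepares the statement and binds every value as a string ("s").
function runSelect(mysqli $db, string $sql, array $values): array
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) { throw new RuntimeException($db->error); }
    if ($values) {
        $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    }
    if (!$stmt->execute()) { throw new RuntimeException($stmt->error); }
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
    $stmt->close();
    return $rows;
}

[$sql, $values] = buildSelect(['name'], 'karten', ['name' => 'Fausthieb']);
echo $sql, "\n";
// With the question's database: runSelect(new mysqli("localhost", "root", "", "superhelden"), $sql, $values);
```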

Answers

0

Here is the PHP class RTmysqli that I use, and sample PHP code HERE

Usage:

$RTmysqli= new RTlib\RTphp\RTmysqli(); 
$RTmysqli->config(DB_HOST, DB_UNAME, DB_PWORD, DB_NAME); 

$result = $RTmysqli->query("SELECT * FROM slider ORDER BY id"); 

if (!empty($result)) { 
    foreach($result as $row) { 
     print "<br>" . $row["id"] . "(" . $row["title"] . ")\n"; 
    } 
} 

Hope it helps. :)

+0

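Well, for a one-year-old fledgling this is a magnificent job. Though with more knowledge you could make it ten times simpler :) Either way, you will gain that knowledge in less than a year –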

+0

Thanks for the comment :). –