Fatal编程技术网
  • php/
  • Php Mysqli准备语句故障排除

Php Mysqli准备语句故障排除

php

Php Mysqli准备语句故障排除,php,mysqli,Php,Mysqli,我被难住了,我最近在简单的Mysqli语句中使用了它,但是被告知要避免注入,使用准备好的语句来编写它。截断是唯一有效的方法。有什么建议吗 $con=mysqli_connect(localhost,"username","password","db"); // Check connection if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } $d

我被难住了,我最近在简单的Mysqli语句中使用了它,但是被告知要避免注入,使用准备好的语句来编写它。截断是唯一有效的方法。有什么建议吗

$con=mysqli_connect(localhost,"username","password","db");


// Check connection
if (mysqli_connect_errno())
 {
 echo "Failed to connect to MySQL: " . mysqli_connect_error();
 }

$deletetable = $con->prepare('TRUNCATE TABLE twitch_streams');
$deletetable->execute();
$deletetable->close();

$result = $con->prepare("SELECT field_value
FROM xf_user_field_value
WHERE field_id = 'twitch'
AND field_value != ''");

$result->bind_result($twitchfield);

while($result->fetch())
{
printf("%s\n", $twitchfield);
$username[] = $twitchfield;
$data =    json_decode(file_get_contents('http://api.justin.tv/api/stream/l   ist.json?channel=' . $username[0]));
$viewer[] = $data[0]->channel_count;


$insert = $con->prepare("INSERT INTO twitch_streams (twitchuser, viewercount)
VALUES (?, ?)");
$insert->bind_param('si', $twitchuser, $viewercount);

$twitchuser = $username[0];
$viewercount = $viewer[0];

$insert->execute();

echo $twitchuser;
echo $viewercount;
$insert->close();
  }

$result->close();$deletetable = $con->prepare('TRUNCATE TABLE twitch_streams');
$deletetable->execute();
$deletetable->close();

$result = $con->prepare("SELECT field_value
FROM xf_user_field_value
WHERE field_id = twitch
AND field_value != ''");

$result->bind_result($twitchfield);

while($result->fetch())
  {
   printf("%s\n", $twitchfield);
   $username[] = $twitchfield;
   $data =    json_decode(file_get_contents('http://api.justin.tv/api/stream/l   ist.json?      channel=' . $username[0]));
$viewer[] = $data[0]->channel_count;


$insert = $con->prepare("INSERT INTO twitch_streams (twitchuser, viewercount)
VALUES (?, ?)");
$insert = bind_param('si', $twitchuser, $viewercount);

$twitchuser = $username[0];
$viewercount = $viewer[0];

$insert->execute();

echo $twitchuser;
echo $viewercount;
$insert->close();
  }

$result->close();
mysqli_close($con);
没有函数
bind_param()
,它是一种mysqli_stmt

你这样使用它:

$insert->bind_param()

查看有关mysqli\u stmt的更多信息查看您的错误日志,查看是否存在任何其他错误。已检查该错误,但仍然没有输出。似乎$result语句也不起作用。