Php MySQLi-将表值作为字符串而不是对象获取
我试图使用php从我的用户MySQL表中检索名称和用户电子邮件值,如下所示: 我正在使用以下代码试图获取当前登录用户的名称和用户电子邮件:Php MySQLi-将表值作为字符串而不是对象获取,php,mysql,mysqli,Php,Mysql,Mysqli,我试图使用php从我的用户MySQL表中检索名称和用户电子邮件值,如下所示: 我正在使用以下代码试图获取当前登录用户的名称和用户电子邮件: <?php session_start(); #connect to MySQL database require_once("settings.php"); $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME); #get username of current session $use
<?php
session_start();
#connect to MySQL database
require_once("settings.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
#get username of current session
$username = $_SESSION['username'];
#get userEmail of logged-in user from database
$sql = "SELECT userEmail from Users WHERE username LIKE '{$username}' LIMIT 1";
$result = $mysqli->query($sql);
$replyTo = mysqli_fetch_field($result);
#get name of logged-in user from database
$sql2 = "SELECT name from Users WHERE username LIKE '{$username}' LIMIT 1";
$result2 = $mysqli->query($sql2);
$name = mysqli_fetch_field($result2);
?>
…并获取以下错误:
警告:trim()希望参数1是字符串,对象在/var/www/phpmailer/class.phpmailer.php行489中给出(该对象是$replyTo)
可捕获的致命错误:stdClass类的对象无法在/var/www/phpmailer/class.phpmailer.php行490中转换为字符串(此对象为$name)
使用Chrome Logger进行调试,我发现这些是$userEmail和$name的值:
<?php
session_start();
#connect to MySQL database
require_once("settings.php");
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
#get username of current session
$username = $_SESSION['username'];
#get userEmail of logged-in user from database
$sql = "SELECT userEmail from Users WHERE username LIKE '{$username}' LIMIT 1";
$result = $mysqli->query($sql);
$replyTo = mysqli_fetch_field($result);
#get name of logged-in user from database
$sql2 = "SELECT name from Users WHERE username LIKE '{$username}' LIMIT 1";
$result2 = $mysqli->query($sql2);
$name = mysqli_fetch_field($result2);
?>
我认为您可以通过一次查询获得电子邮件和姓名-出于安全原因,使用准备好的语句(SQLIA)
您使用了错误的函数。返回列元数据-不是值。哈,是的,我认为是。我通常默认W3Schools,尽管我在这里看到有人强烈反对W3Schools。出于某种原因,Google和W3schools在这个特定项目上让我不及格(更像是我自己不及格)是的,这是
bind_param
并保留username=?
。。如果您使用WHERE username='{$username}'
,则不需要使用bind_param,这是一种不好的方法,因为它现在为它们分配了正确的值。非常感谢!
#get userEmail of logged-in user from database
$sql = "SELECT userEmail,name from Users WHERE username = ? LIMIT 1";
// this is prepared statement and prevent form sql injection attack
$statement = $mysqli->prepare($sql);
$statement->bind_param('s',$username);
$statement->execute();
$result = $statement->get_result();
// fetch first record in associative array
$userDetail = $result->fetch_assoc();
if($userDetail)
{
$replyTo = $userDetail['userEmail'];
$name = $uerDetail['name'];
$mail->setFrom($replyTo, $name);
}
else
{
echo 'user not found';
}