php将准备好的语句添加到数据库_Php_Mysqli_Prepared Statement

php将准备好的语句添加到数据库

php

php将准备好的语句添加到数据库,php,mysqli,prepared-statement,Php,Mysqli,Prepared Statement,我想将准备好的语句实现到脚本中，但实际上无法使其工作。我已经有很多功能，所以我希望尽可能少的改变我认为最好有一个预先准备好的语句函数？所以当我得到用户输入时，我可以调用这些函数而不是查询 database.php类 class MySQLDB { var $connection; // The MySQL database connection /* Class constructor */ function MySQLDB() { global $d

我想将准备好的语句实现到脚本中，但实际上无法使其工作。我已经有很多功能，所以我希望尽可能少的改变

我认为最好有一个预先准备好的语句函数？所以当我得到用户输入时，我可以调用这些函数而不是查询

database.php类

class MySQLDB {
    var $connection; // The MySQL database connection

    /* Class constructor */
    function MySQLDB() {
        global $dbsystem;
        $this->connection = mysqli_connect ( DB_SERVER, DB_USER, DB_PASS,   DB_NAME ) or die ( 'Connection Failed (' . mysqli_connect_errno () . ') ' . mysqli_connect_error () );
    }


    /**
     * query - Performs the given query on the database and
     * returns the result, which may be false, true or a
     * resource identifier.
     */
    function query($query) {
        return mysqli_query ( $this->connection, $query );
    }
};

/* Create database connection */
$database = new MySQLDB ();

这就是我从另一个类调用数据库的方式

    $q = "UPDATE users SET name = '$name', started = '$time' WHERE id = '$id';";
    $result = mysqli_query ( $database->connection, $q );

在你的情况下，我会做一些更干净的事情，比如：

<?php

class MySQLDB{

  private function openConnection(){

    // If you don't always use same credentials, pass them by params
    $servername = "localhost";
    $username = "username";
    $password = "password";
    $database = "database";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $database);

    // Check connection
    if ($conn->connect_error) {
      die("Connection failed: " . $conn->connect_error);
    }

    // Assign conection object
    return $conn;
  }

  private function closeConnection($conn){
    $conn->close();
  }

  function updateUserById($id, $name, $startedTime){

    $conn = $this->openConnection();

    $sqlQuery = "UPDATE users SET name = ?, started = ? WHERE id = ?";

    if ($stmt = $conn->prepare($sqlQuery)) {

      // Bind parameters
      $stmt->bind_param("ssi", $name, $startedTime, $id);

      // Execute query
      $stmt->execute();

      if ($stmt->errno) {
        die ( "Update failed: " . $stmt->error);
      }

      $stmt->close();
      }

    $this->closeConnection($conn);
  }

} // Class end

我希望数据库类更具动态性，因此我必须执行以下操作：函数查询（$sql，$statement）{$conn=$this->openConnection（）；if（$stmt=$conn->prepare（$sql））{$stmt->bind_param（$statement）；//执行查询$stmt->Execute（）；if（$stmt->errno）{die（“更新失败：”..stmt->error）；}$stmt->close（）；}$this->closeConnection（$conn）；}
<?php

$myDBHandler = new MySQLDB;

$myDBHandler->updateUserById(3, "Mark", 1234);