我正试图将代码更改为mysql中msqli准备的语句。我不知道如何调整我目前工作的代码,以检查数据库中是否已经有电子邮件。下面是我目前正在使用的代码。如何将其更改为准备好的语句并获得相同的结果?
//if email is equal to an email already in the database, display an error message
if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE email = '".mysql_real_escape_string($_POST['email'])."'")))
{
echo "<p class='red'>Email is already registered with us</p>";
} else {
// missing code?
}
应该是这样的:
// enable error reporting for mysqli
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// create mysqli object
$mysqli = new mysqli(/* fill in your connection info here */);
$email = $_POST['email']; // might want to validate and sanitize this first before passing to database...
// set query
$query = "SELECT COUNT(*) FROM users WHERE email = ?";
// prepare the query, bind the variable and execute
$stmt = $mysqli->prepare($query);
$stmt->bind_param('s', $email);
$stmt->execute();
// grab the result
$stmt->bind_result($numRows);
$stmt->fetch();
if ($numRows) {
echo "<p class='red'>Email is already registered with us</p>";
} else {
// ....
}
这个链接也可以帮助你:
http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php