为 PHP 用户 Class 创建 mySQLi 准备语句
Creating mySQLi Prepared Statements for a PHP User Class
我创建了一个用户 class,它看起来像这样:
class User {
private $user;
private $con;
public function __construct($con, $user){
$this->con = $con;
$user_details_query = mysqli_query($con, "SELECT * FROM users WHERE username='$user'");
$this->user = mysqli_fetch_array($user_details_query);
}
public function getUsername() {
return $this->user['username'];
}
public function getNumberOfFriendRequests() {
$username = $this->user['username'];
$query = mysqli_query($this->con, "SELECT * FROM friend_requests WHERE user_to='$username'");
return mysqli_num_rows($query);
}
public function getNumPosts() {
$username = $this->user['username'];
$query = mysqli_query($this->con, "SELECT num_posts FROM users WHERE username='$username'");
$row = mysqli_fetch_array($query);
return $row['num_posts'];
}
还有更多内容,但我想了解的是如何使用准备好的语句重新创建它而不会弄乱其余页面。我调用了多个依赖给定用户 class 结构的页面。我是准备好的 staements 的新手,但做得很好,但是在 classes 方面遇到了麻烦。例如,我试图重新创建 public function getNumberOfFriendRequests() 以便它具有与以前相同的输出,这样现有页面就不会抛出错误。这是我目前所拥有的:
public function getNumberOfFriendRequests() {
$username $this->user['username'];
$query = mysqli_prepare($this->$con, "SELECT COUNT(*) FROM friend_requests WHERE user_to=?");
$query->bind_param('s', $username);
$query->execute();
$query_>bind_result(NOT SURE);
$query->fetch();
}
我也对 public function __construct($con, $user) 感到困惑,因为每当我想访问用户数据时都会调用它。有谁知道我将如何开始重写给定的用户 class 以便 returns 相同并且不会干扰相关页面上的 php 调用?
这应该与您相同的 class 重写为使用准备好的语句。当您说 "This User" 并传入您的 DB 对象时,您的构造很有意义。您不会使用 bind_result,因为您使用的是 SELECT *,而 bind_result 用于定位特定字段。
class User {
private $user;
private $con;
public function __construct($con, $user){
$this->con = $con;
/* prepare the query */
$stmt = $this->con->stmt_init();
$stmt->prepare('SELECT * FROM users WHERE username = ?');
/* Bind to string $user */
$stmt->bind_param('s', $user);
$stmt->execute();
/* Get a result obj */
$result = $stmt->get_result();
$this->user = $result->fetch_assoc();
/* free results */
$stmt->free_result();
/* close statement */
$stmt->close();
}
public function getUsername() {
return $this->user['username'];
}
public function getNumberOfFriendRequests() {
$username = $this->user['username'];
$stmt = $this->con->stmt_init();
$stmt->prepare('SELECT * FROM friend_requests WHERE user_to = ?');
$stmt->bind_param('s', $user);
$stmt->execute();
/* Get a result obj */
$result = $stmt->get_result();
$qty = $result->num_rows;
/* free results */
$stmt->free_result();
/* close statement */
$stmt->close();
return $qty;
}
public function getNumPosts() {
$username = $this->user['username'];
$stmt = $this->con->stmt_init();
$stmt->prepare('SELECT num_posts FROM users WHERE username=?');
/* Bind to string $user */
$stmt->bind_param('s', $user);
$stmt->execute();
/* Get a result obj */
$result = $stmt->get_result();
$data = $result->fetch_assoc();
/* free results */
$stmt->free_result();
/* close statement */
$stmt->close();
return $data['num_posts'];
}
P.S。不要使用 SELECT *;参见:Select * Is Evil
我创建了一个用户 class,它看起来像这样:
class User {
private $user;
private $con;
public function __construct($con, $user){
$this->con = $con;
$user_details_query = mysqli_query($con, "SELECT * FROM users WHERE username='$user'");
$this->user = mysqli_fetch_array($user_details_query);
}
public function getUsername() {
return $this->user['username'];
}
public function getNumberOfFriendRequests() {
$username = $this->user['username'];
$query = mysqli_query($this->con, "SELECT * FROM friend_requests WHERE user_to='$username'");
return mysqli_num_rows($query);
}
public function getNumPosts() {
$username = $this->user['username'];
$query = mysqli_query($this->con, "SELECT num_posts FROM users WHERE username='$username'");
$row = mysqli_fetch_array($query);
return $row['num_posts'];
}
还有更多内容,但我想了解的是如何使用准备好的语句重新创建它而不会弄乱其余页面。我调用了多个依赖给定用户 class 结构的页面。我是准备好的 staements 的新手,但做得很好,但是在 classes 方面遇到了麻烦。例如,我试图重新创建 public function getNumberOfFriendRequests() 以便它具有与以前相同的输出,这样现有页面就不会抛出错误。这是我目前所拥有的:
public function getNumberOfFriendRequests() {
$username $this->user['username'];
$query = mysqli_prepare($this->$con, "SELECT COUNT(*) FROM friend_requests WHERE user_to=?");
$query->bind_param('s', $username);
$query->execute();
$query_>bind_result(NOT SURE);
$query->fetch();
}
我也对 public function __construct($con, $user) 感到困惑,因为每当我想访问用户数据时都会调用它。有谁知道我将如何开始重写给定的用户 class 以便 returns 相同并且不会干扰相关页面上的 php 调用?
这应该与您相同的 class 重写为使用准备好的语句。当您说 "This User" 并传入您的 DB 对象时,您的构造很有意义。您不会使用 bind_result,因为您使用的是 SELECT *,而 bind_result 用于定位特定字段。
class User {
private $user;
private $con;
public function __construct($con, $user){
$this->con = $con;
/* prepare the query */
$stmt = $this->con->stmt_init();
$stmt->prepare('SELECT * FROM users WHERE username = ?');
/* Bind to string $user */
$stmt->bind_param('s', $user);
$stmt->execute();
/* Get a result obj */
$result = $stmt->get_result();
$this->user = $result->fetch_assoc();
/* free results */
$stmt->free_result();
/* close statement */
$stmt->close();
}
public function getUsername() {
return $this->user['username'];
}
public function getNumberOfFriendRequests() {
$username = $this->user['username'];
$stmt = $this->con->stmt_init();
$stmt->prepare('SELECT * FROM friend_requests WHERE user_to = ?');
$stmt->bind_param('s', $user);
$stmt->execute();
/* Get a result obj */
$result = $stmt->get_result();
$qty = $result->num_rows;
/* free results */
$stmt->free_result();
/* close statement */
$stmt->close();
return $qty;
}
public function getNumPosts() {
$username = $this->user['username'];
$stmt = $this->con->stmt_init();
$stmt->prepare('SELECT num_posts FROM users WHERE username=?');
/* Bind to string $user */
$stmt->bind_param('s', $user);
$stmt->execute();
/* Get a result obj */
$result = $stmt->get_result();
$data = $result->fetch_assoc();
/* free results */
$stmt->free_result();
/* close statement */
$stmt->close();
return $data['num_posts'];
}
P.S。不要使用 SELECT *;参见:Select * Is Evil