Geek Answers Handbook

Is fetch_object possible when using bind_param? (PHP / MySQLi)

I have a question for you guys. I am trying to make MySQL run as securely as possible. Currently, I am wondering if it is possible to get an object with MySQLi after I prepared the statement, bound the parameters and executed the statement.

Example:

$sql = $mysqli->prepare('SELECT * FROM users WHERE username = ?;'); $sql->bind_param('s', $username); $username = 'RastaLulz'; $sql->execute(); $object = $sql->fetch_object(); echo $object->mail;

I get the following error:

 Fatal error: Call to a member function fetch_object() on a non-object in C:\xampp\htdocs\ProCMS\DevBestCMS\inc\global\class.mysql.php on line 23

However, when I add "$ sql-> result_metadata ();" I am not getting an error, but it does not return a result (this is just NULL).

 $sql = $mysqli->prepare('SELECT * FROM users WHERE username = ?;'); $sql->bind_param('s', $username); $username = 'RastaLulz'; $sql->execute(); $result = $sql->result_metadata(); $object = $result->fetch_object(); echo $object->mail;

So you can do this without binding parameters:

 $sql = $mysqli->query("SELECT * FROM users WHERE username = 'RastaLulz';"); $object = $sql->fetch_object(); echo $object->mail;

Here is my current MySQL class - you just need to make the execute function work. http://uploadir.com/u/lp74z4

Any help would be appreciated!

+6
php mysqli
source share
3 answers

I just dug a Database in my class, and that’s how I do it. Honestly, I don’t remember why I need it, and it can be much better. But if that helps you, here is the code. I vaguely remember how annoying I was that there was no easy way to get the results as an object.

 // returns an array of objects public function stmtFetchObject(){ $rows=array(); //init // bind results to named array $meta = $this->stmt->result_metadata(); $fields = $meta->fetch_fields(); foreach($fields as $field) { $result[$field->name] = ""; $resultArray[$field->name] = &$result[$field->name]; } call_user_func_array(array($this->stmt, 'bind_result'), $resultArray); // create object of results and array of objects while($this->stmt->fetch()) { $resultObject = new stdClass(); foreach ($resultArray as $key => $value) { $resultObject->$key = $value; } $rows[] = $resultObject; } return $rows; }
+2
source share

I had the same question. I found out that I can do the following:

 # prepare statement $stmt = $conn->prepare($sql) # bind params $stmt->bind_param("s", $param); # execute query $stmt->execute(); # get result $result = $stmt->get_result(); # fetch object $object = $result->fetch_object();

I hope this works for you too.

+6
source share

What ';' at the end of your statement? You are giving mysqli an invalid query and therefore are not creating an object for you. The problem is not fetch_object, but the preparation statement. Delete ';' and try again. It should work like a charm.

I have never seen such an end to a request. Try to instantiate the variable before binding. I think this is just good practice, but use double quotes instead of double quotes.

0
source share

More articles:


All Articles