I've just changed all my SQL queries to prepared statements using mysqli. To speed this process up I created a function (called performQuery) which replaces mysql_query. It takes the query, the bindings (like "sdss") and the variables to pass in, and then does all the prepared statement stuff. This meant changing all my old code was easy. My function returns a mysqli_result object using mysqli get_result().
This meant I could change my old code from:
$query = "SELECT x FROM y WHERE z = $var";
$result = mysql_query($query);
while ($row = mysql_fetch_assoc($result)){
    echo $row['x'];
}
to
$query = "SELECT x FROM y WHERE z = ?";
$result = performQuery($query,"s",$var);
// performQuery() returns a mysqli_result, so the mysqli_* fetch function is needed here
while ($row = mysqli_fetch_assoc($result)){
    echo $row['x'];
}
This works fine on localhost, but my web hosting server does not have mysqlnd available, therefore get_result() does not work. Installing mysqlnd is not an option.
What is the best way to go from here? Can I create a function which replaces get_result(), and how?
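
One way to get the same rows without get_result(), and therefore without mysqlnd, shown as an added example that is not part of the original post: bind the result columns with bind_result() and copy each fetched row into an array. The function name fetchAllAssoc and the $db connection parameter are assumptions; the query stays parameterized exactly as in the performQuery call above.

```php
<?php
// Added example, not code from the original post.
// fetchAllAssoc() is a hypothetical name; $db is assumed to be an open mysqli connection.
function fetchAllAssoc(mysqli $db, $query, $types = '', array $params = array())
{
    $stmt = $db->prepare($query);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    if ($types !== '') {
        // bind_param() takes its variables by reference, so build an array of references.
        $bind = array($types);
        foreach ($params as $i => $unused) {
            $bind[] = &$params[$i];
        }
        call_user_func_array(array($stmt, 'bind_param'), $bind);
    }
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }

    $rows = array();
    $meta = $stmt->result_metadata();   // false when the statement has no result set
    if ($meta !== false) {
        $stmt->store_result();          // buffer the result set on the client
        $row  = array();
        $refs = array();
        foreach ($meta->fetch_fields() as $field) {
            $row[$field->name] = null;
            $refs[] = &$row[$field->name];   // one bound variable per column
        }
        call_user_func_array(array($stmt, 'bind_result'), $refs);
        while ($stmt->fetch()) {
            $copy = array();
            foreach ($row as $name => $value) {
                $copy[$name] = $value;  // copy by value; $row is overwritten on the next fetch
            }
            $rows[] = $copy;
        }
        $meta->free();
    }
    $stmt->close();
    return $rows;
}

// Usage with the query from the post ($db and $var are assumed to exist):
// foreach (fetchAllAssoc($db, "SELECT x FROM y WHERE z = ?", "s", array($var)) as $row) {
//     echo $row['x'];
// }
```

Because this returns a plain array instead of a mysqli_result, calling code changes from a while/fetch loop to a foreach over the returned rows.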