Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

php - mysqli : Strict Standards: Only variables should be passed by reference

I'm trying to create a small SQL query class.

Here is my Class but i don't why, I've this error : Strict Standards: Only variables should be passed by reference in line 52

Line 52 is :

if (!$stmt->bind_param($param[$i][0], mysqli_real_escape_string($this->mysqli, $param[$i][1]))) {

My code (i'm beginning) :

<?php
class Sql{

    private $db;
    private $user;
    private $pwd;
    private $url;

    private $param;

    private $mysqli;

    function __construct($db, $user, $pwd, $url){
        $this->db = $db;
        $this->user = $user;
        $this->pwd = $pwd;
        $this->url = $url;


    }

    /**
     * mysqli::connection()
     * 
     * @return 
     */
    public function connection()
    {
        try{
            $this->mysqli = new mysqli($this->db, $this->user, $this->pwd, $this->url);
        }catch(Exception $e){
            throw new Exception("Impossible de se connecter à la base " . $this->db);
        }
    }

    public function select($query, $param, $debug=false){

        $this->connection();

        $r = $this->InitialiseResult("select");

        if (!($stmt = $this->mysqli->prepare($query))) {
            echo "Echec de la préparation : (" . $this->mysqli->errno . ") " . $this->mysqli->error;
        }

        //Param
        for($i=0;$i<sizeof($param);$i++){
            if (!$stmt->bind_param($param[$i][0], mysqli_real_escape_string($this->mysqli, $param[$i][1]))) {
                echo "Echec lors du liage des paramètres : (" . $stmt->errno . ") " . $stmt->error;
            }
        }

        if (!$stmt->execute()) {
            echo "Echec lors de l'exécution : (" . $stmt->errno . ") " . $stmt->error;
        }

        if (!($res = $stmt->get_result())) {
            echo "Echec lors de la récupération du jeu de résultats : (" . $stmt->errno . ") " . $stmt->error;
        }else{

            $r["state"] = true;
            $r["rows"] = $res->fetch_assoc();
            $r["num_rows"] = $res->num_rows;

            if($debug)
                var_dump($r);

        }

        return $r;

    }


    /**
     * mysqli::InitialiseResult()
     *
     * @param mixed $p
     * @return
     */
    public function InitialiseResult($p)
    {
        $r = array(); //on écrase
        $r["state"] = false;

        switch($p){
            case "select":

                $r["rows"] = array();
                $r["num_rows"] = 0;
                break;

        }

        return $r;
    }
}
?>

I've try to put $param in a property and use that is mysqli_real_escape_string() but the error is still there.

Any ideas?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

$stmt->bind_param() requires all params to be passed by reference, so you can't pass function's return value directly (without assigning it to a variable first, that is). But, as was already mentioned in the comments, you don't need to escape the parameters at all, that's one of the advantages of using prepared statements.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...