English
English
When using PHP's mysqli extension for database operations, we often use preprocessing statements to improve security and execution efficiency. mysqli::stmt_init() is a common starting point for creating preprocessing statement objects, but have you ever encountered such a situation:
You initialized the statement object with stmt_init() , but the subsequent call to prepare() failed silently, without an error or an exception, the code was silently "executed", but the database operation did not change?
This "silence failure" problem is very hidden. Today we will analyze a common cause and attach sample code to help you quickly locate the problem.
You may have written a code similar to the following:
<?php
$mysqli = new mysqli("localhost", "user", "password", "database");
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
$stmt = $mysqli->stmt_init();
if ($stmt->prepare("SELECT * FROM users WHERE email = ?")) {
$email = "example@m66.net";
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
print_r($row);
}
$stmt->close();
} else {
echo "Failed to prepare statement";
}
$mysqli->close();
?>
It looks OK, right? But if $stmt->prepare() returns false , the program will not execute downwards and will not report any clear error messages. You don't even know why prepare fails.
prepare() returns false , actually means that the statement preprocessing failed, but you need to actively call $mysqli->error or $stmt->error to get specific error information.
For example:
if (!$stmt->prepare("SELECT * FROM users WHERE email = ?")) {
die("Preprocessing failed: " . $stmt->error); // or $mysqli->error
}
Even if you don't splice strings, statically writing dead SQL may be problematic. For example:
$stmt->prepare("SELECT FROM users WHERE email = ?"); // Missing field name
prepare() will return false at this time, but you won't know what's wrong, unless you add the error output to see the specific reason.
Always check the return value of prepare() and output the error message:
if (!$stmt->prepare($sql)) {
die("Prepare fail: " . $stmt->error);
}
Turn on error reporting mode for easy debugging:
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
After adding this sentence, mysqli errors will automatically throw exceptions, which is very suitable for troubleshooting problems in the development stage.
Avoid chaining calls prepare() immediately after using stmt_init() on $stmt without checking:
$stmt = $mysqli->stmt_init();
if (!$stmt) {
die("stmt_init fail: " . $mysqli->error);
}
If you find that the subsequent prepare() or execute() operations fail but no errors are reported after creating a statement object using mysqli::stmt_init() , please be sure to manually check $stmt->error and $mysqli->error and enable error reporting mode. Otherwise, you may waste a lot of time checking for problems that do not exist at all in the "illusion" of the code logic correct but the actual operation failed.
In addition, ensuring that the SQL statement itself has no syntax errors, the field name is spelled correctly, and the number of parameters matches are all prerequisites to ensure the success of prepare() .
