Is it possible to fetch_object while using bind_param? (PHP/MySQLi)

Question

I have a question for you guys. I'm trying to make the way that I run MySQL as secure as I can. I'm currently wondering if it's possible to fetch an object with MySQLi after I have prepared the statement, binded the parameters, and executed the statement.

Example:

$sql = $mysqli->prepare('SELECT * FROM users WHERE username = ?;');
$sql->bind_param('s', $username);

$username = 'RastaLulz';

$sql->execute();
$object = $sql->fetch_object();
echo $object->mail;

I get the following error:

Fatal error: Call to a member function fetch_object() on a non-object in C:\xampp\htdocs\ProCMS\DevBestCMS\inc\global\class.mysql.php on line 23

However, when I add "$sql->result_metadata();" I don't get an error, but it doesn't return a result (it's just NULL).

$sql = $mysqli->prepare('SELECT * FROM users WHERE username = ?;');
$sql->bind_param('s', $username);

$username = 'RastaLulz';

$sql->execute();
$result = $sql->result_metadata();
$object = $result->fetch_object();
echo $object->mail;

This is how you'd do it without binding the parameters:

$sql = $mysqli->query("SELECT * FROM users WHERE username = 'RastaLulz';");
$object = $sql->fetch_object();
echo $object->mail;

Here's my current MySQL class - just need to get the execute function working. http://uploadir.com/u/lp74z4

Any help is and will be appreciated!

Answer 1

I had the same question. I found out that I could do the following:

# prepare statement
$stmt = $conn->prepare($sql)

# bind params
$stmt->bind_param("s", $param);

# execute query
$stmt->execute();

# get result
$result = $stmt->get_result();

# fetch object
$object = $result->fetch_object();

I hope that works for you, too.

Answer 2

I just dug around in my Database class and this is how I do it. Honestly I don't remember why I needed to do it this way and there might be a much better way. But if it helps you here is the code. I do vaguely remember being irritated about there not being a simple way to get your results as an object.

// returns an array of objects
public function stmtFetchObject(){

    $rows=array(); //init

    // bind results to named array
    $meta = $this->stmt->result_metadata();
    $fields = $meta->fetch_fields();

    foreach($fields as $field) {
            $result[$field->name] = "";
            $resultArray[$field->name] = &$result[$field->name];
    }

    call_user_func_array(array($this->stmt, 'bind_result'), $resultArray);

    // create object of results and array of objects
    while($this->stmt->fetch()) {
            $resultObject = new stdClass();

            foreach ($resultArray as $key => $value) {
                $resultObject->$key = $value;
            }

            $rows[] = $resultObject;
    }

    return $rows;
}