Dynamic mysqli prepared statement
I need help creating a method for dynamic mysqli prepared statements. The code below has errors. I know I'm completely off with the way mysqli_stmt_bind_param is set up but I can't figure out a solution. My coding style is probably strange since I'm using OO PHP, but procedural mysqli. I haven't had the time to figure out OO mysqli since the books and videos I read/watch use procedural mysqli. Most of the solutions I've seen for this problem use OO mysqli. I'd prefer to get a short-term fix for this rather than having to learn PDO after I spent so much time learning mysqli.
    public function create($sql, $param_type, $param){
        //param_type should be set as $param_type = "'ssss'" so that single quotes get passed into the variable
        //param should be an array
        //param array items should be escaped
        $stmt = mysqli_prepare($this->dbc, $sql);
        mysqli_stmt_bind_param($stmt, $param_type, join(array_values($param), ", "));
        $result = mysqli_stmt_execute($stmt);
        if($result){
            return true;
        } else{
            return false;
        }
        mysqli_stmt_close($stmt);
    }
To use OO mysqli is simple: change a mysqli_blah($this->dbc) call to $this->dbc->blah(), and change a mysqli_stmt_blah($stmt) call to $stmt->blah(). Also, always check the return value from prepare() and execute(). They return false when there's an error in parsing or execution, and you need to check for these and report errors every time.
The mysqli_stmt_bind_param() function is tricky because it expects a variable number of arguments, one for each letter in the param type argument, not a string of comma-separated values. Also, it requires you pass variables by reference, not scalars, and not a single array.
WRONG: mysqli_stmt_bind_param($stmt, "sss", "red,green,blue");
WRONG: mysqli_stmt_bind_param($stmt, "sss", "red", "green", "blue");
WRONG: mysqli_stmt_bind_param($stmt, "sss", $param_array);
RIGHT: mysqli_stmt_bind_param($stmt, "sss", $param1, $param2, $param3);
This makes it difficult and confusing to do what you're doing: writing a general-purpose function to prepare and execute an SQL statement with a dynamic number of parameters. You have to use call_user_func_array() but you have to rewrite the array of arguments as an array of references.
I wrote examples in a couple of my past SO answers:
PDO solves this much more easily, you don't have to bind anything, you just pass an array to execute().
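
The approach the answer describes (call_user_func_array() with an array of references), in procedural mysqli, as an added example that is not part of the original question or answer. The function name run_prepared, the connection values and the colors table are hypothetical.

```php
<?php
// Added example: run_prepared() is a hypothetical helper, not code from the page.
function run_prepared(mysqli $dbc, string $sql, string $types, array $params): bool
{
    // One type letter (i, d, s or b) per parameter, e.g. "sss", with no quotes inside.
    if (strlen($types) !== count($params)) {
        throw new InvalidArgumentException('need one type letter per parameter');
    }

    // PHP 8.1+ makes mysqli throw by default; the false checks below cover
    // configurations where errors are reported through return values instead.
    $stmt = mysqli_prepare($dbc, $sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($dbc));
    }

    try {
        if ($params !== []) {
            // bind_param takes its values by reference, so pass an array of
            // references to the caller's values through call_user_func_array().
            $args = [$stmt, $types];
            foreach (array_keys($params) as $key) {
                $args[] = &$params[$key];
            }
            if (!call_user_func_array('mysqli_stmt_bind_param', $args)) {
                throw new RuntimeException('bind failed: ' . mysqli_stmt_error($stmt));
            }
        }
        if (!mysqli_stmt_execute($stmt)) {
            throw new RuntimeException('execute failed: ' . mysqli_stmt_error($stmt));
        }
        return true;
    } finally {
        // Runs on success and on failure, so the statement is always released.
        mysqli_stmt_close($stmt);
    }
}

// Constructed usage: host, credentials, database and table are placeholders.
$dbc = mysqli_connect('localhost', 'app_user', 'app_password', 'app_db');
// Values are bound as-is; do not escape them first, or the escape characters get stored.
run_prepared($dbc, 'INSERT INTO colors (c1, c2, c3) VALUES (?, ?, ?)', 'sss',
    ['red', 'green', 'blue']);
```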