Dynamic mysqli prepared statement

I need help creating a method for dynamic mysqli prepared statements. The code below has errors. I know I'm completely off with the way mysqli_stmt_bind_param is set up but I can't figure out a solution. My coding style is probably strange since I'm using OO php, but procedural mysqli. I haven't had the time to figure out OO mysqli since the books and videos I read/watch use procedural mysqli. Most of the solutions I've seen for this problem use OO mysqli. I'd prefer to get a short-term fix for this rather than having to learn PDO after I spent so much time learning mysqli.

public function create($sql, $param_type, $param){
    //param_type should be set as $param_type = "'ssss'" so that single quotes get passed into the variable
    //param should be an array
    //param array items should be escaped
    $stmt = mysqli_prepare($this->dbc, $sql);
    mysqli_stmt_bind_param($stmt, $param_type, join(array_values($param), ", "));
    $result = mysqli_stmt_execute($stmt);
    // close the statement before returning; placed after the return it would never run
    mysqli_stmt_close($stmt);

    if($result){
        return true;
    } else{
        return false;
    }
}

To use OO mysqli is simple:

  1. Change every mysqli_blah($this->dbc) call to $this->dbc->blah().
  2. Change every mysqli_stmt_blah($stmt) call to $stmt->blah().
  3. Profit!

Also, always check the return value from prepare() and execute(). They return false when there's an error in parsing or execution, and you need to check for these and report errors every time.

The mysqli_stmt_bind_param() function is tricky because it expects a variable number of arguments, one for each letter in the param type argument, not a string of comma-separated values. Also, it requires you pass variables by reference, not scalars, and not a single array.

  • WRONG: mysqli_stmt_bind_param($stmt, "sss", "red,green,blue");

  • WRONG: mysqli_stmt_bind_param($stmt, "sss", "red", "green", "blue");

  • WRONG: mysqli_stmt_bind_param($stmt, "sss", $param_array);

  • RIGHT: mysqli_stmt_bind_param($stmt, "sss", $param1, $param2, $param3);

This makes it difficult and confusing to do what you're doing: writing a general-purpose function to prepare and execute an SQL statement with a dynamic number of parameters. You have to use call_user_func_array() but you have to rewrite the array of arguments as an array of references.

I wrote examples in a couple of my past SO answers:

PDO solves this much more easily, you don't have to bind anything, you just pass an array to execute().
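As an added example (not code from the question or the answer above), here is the general-purpose helper the answer describes, written in OO mysqli: it checks the prepare() and execute() return values and rewrites the parameter array as an array of references before handing it to bind_param() through call_user_func_array(). The names runPrepared and $dbc (an already-open mysqli connection) and the colors table are assumptions made for illustration.

```php
<?php
// Added example (not the question's or answer's code): a general-purpose
// prepare/bind/execute helper in OO mysqli, following the answer's advice.
// Assumes $dbc is an open mysqli connection and that the SQL uses "?"
// placeholders; user-supplied values only ever travel through $params.
function runPrepared(mysqli $dbc, string $sql, string $types, array $params): mysqli_stmt
{
    // bind_param needs exactly one type letter per value.
    if (strlen($types) !== count($params)) {
        throw new InvalidArgumentException('type string length must equal parameter count');
    }
    // prepare() returns false on a parse error: check it instead of ignoring it.
    $stmt = $dbc->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $dbc->error);
    }
    if ($params !== []) {
        // bind_param takes its values by reference, one argument per value,
        // so the array must be rewritten as an array of references before
        // call_user_func_array() can hand its elements to bind_param().
        $refs = [$types];
        foreach (array_keys($params) as $i) {
            $refs[] = &$params[$i];
        }
        if (!call_user_func_array([$stmt, 'bind_param'], $refs)) {
            throw new RuntimeException('bind_param failed: ' . $stmt->error);
        }
    }
    // execute() also returns false on error; report it every time.
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    return $stmt;
}

// Usage: the values are never interpolated into the SQL text, so a value that
// contains quotes or SQL keywords is stored as a literal, not parsed as SQL.
$stmt = runPrepared(
    $dbc,
    'INSERT INTO colors (name, hex, sort_order) VALUES (?, ?, ?)',
    'ssi',
    ['red', '#ff0000', 1]
);
echo 'inserted rows: ' . $stmt->affected_rows . PHP_EOL;
$stmt->close();
```

On PHP 8.1 and later mysqli reports errors as exceptions by default, so the false checks become redundant there but do no harm.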
