![](/img/trans.png)
[英]How to use quotations in SQL statement with MySQLi Prepared Statements in PHP?
[英]How to make prepared mysqli statements for dynamic sql statement
我想為動態SQL語句准備一條准備好的語句,該語句取決於用戶的決定。 所以我事先不知道它會是什么樣。 我無法提前為其創建“模板”。 例如:
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost','root','','test');
if (isset($_POST['submit'])){
$build = "";
if(!empty($_POST['city'])){
$city=$_POST['city'];
$build.= "AND city= $city ";
}
if(!empty($_POST['type'])){
$type=$_POST['type'];
$build.= "AND type = $type ";
}
$build= substr_replace($build,'',0,3);
$sql = "SELECT * FROM proizvodi WHERE $build";
$search=$conn->query($sql);
$num = $search->num_rows;
if($num>0){
echo "<table>";
while($row = $search->fetch_object()){
echo "<tr>";
echo "<td>".$row->name."</td>";
echo "<td>".$row->surname."</td>";
echo "<td>".$row->price."</td>";
echo "</tr>";
}
echo "</table>";
}
}else{
echo "Put some value";
}
?>
<form action="" method="post">
<input type="text" name="house" id="city"/>City
<input type="text" name="flat" id="type"/>Type
<input type="submit" name="submit" id="submit" value="Submit"/>
</form>
我有一些想法可以為每個$ build字符串制作prepare語句,但是我不確定是否可以,例如,如果我有數十種可能的用戶輸入,該怎么辦。 那將是太多的代碼。 有沒有更優雅的方法可以做到這一點? 謝謝!
從上述想法構建准備好的語句時,您需要考慮如何構建SQL和綁定變量。
$build = "";
$bindType = ""; // String for bind types
$data = []; // Array for the bound fields
if(!empty($_POST['city'])){
$bindType .= "s"; // This is a string bind
$data[] = $_POST['city']; // Add the field into the list of bound fields
$build .= "AND city= ? "; // ? for the bound field
}
因此,對您要使用的每個字段重復此模式(除非不要重新初始化包括$data
數組在內的各種內容)。 將每個項目添加到$bindType
會構建一個字符串,如http://php.net/manual/en/mysqli-stmt.bind-param.php所示 。
然后執行查詢,使用splat運算符( ... )綁定數組值...
$sql = "SELECT * FROM proizvodi WHERE $build";
$search=$conn->prepare($sql);
$search->bind_param($bindType, ...$data);
$search->execute();
這可能對您有幫助@Bunny Davis,
$data = $_POST[];
$query = "SELECT * FROM proizvodi WHERE 1";
foreach ($data as $key => $value) {
$query .= " AND $key ='$value'";
}
//now $query is your final query
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.