数据库
首页 > 数据库> > php – mysqli bind_param用于字符串数组

php – mysqli bind_param用于字符串数组

作者:互联网

我不能让这个工作.我现在已经花了很多时间.

这有效:

$mysqli = new mysqli("localhost", "root", "root", "db");
if(!$mysqli || $mysqli->connect_errno)
{
    return;
}
$query_str= "SELECT name FROM table WHERE city IN ('Nashville','Knoxville')";
if($query_prepared && $query_prepared->prepare($query_str))
{       
    $query_prepared->execute();

但是我不能让它与这样的bind_param一起工作:

$query_str= "SELECT name FROM table WHERE city IN (?)";
$query_prepared = $mysqli->stmt_init();
if($query_prepared && $query_prepared->prepare($query_str))
{       
    $cities= explode(",", $_GET['cities']);
    $str_get_cities=  "'".implode("','", $get_cities)."'"; // This equals 'Nashville','Knoxville'

    $query_prepared->bind_param("s", $cities);
    $query_prepared->execute();

我究竟做错了什么?

我也试过call_user_func_array,但似乎无法使语法正确.
任何帮助将不胜感激!

编辑:
我已经严格尝试了moskito-x的建议和大量的例子列在这里以及SO和随机网站的哪些地方,没有任何效果.我认为问题可能是PHP 5.4,这就是我的MAMP现在设置的.

解决方法:

你不能用一个问号绑定两个变量!

对于您绑定的每个变量,您需要一个问号

“bind_param”检查每个变量是否符合要求.之后,字符串值放在引号之间.

这不行.

"SELECT name FROM table WHERE city IN (?)"; ( becomes too )
$q_prepared->bind_param("s", $cities);
"SELECT name FROM table WHERE city IN ('city1,city2,city3,city4')";

一定是.

"SELECT name FROM table WHERE city IN (?,?,?,?)"; ( becomes too )
$q_prepared->bind_param("ssss", $city1,$city2,$city3,$city4);
"SELECT name FROM table WHERE city IN ('city1','city2','city3','city4')";

$query_prepared-> bind_param逐个引用字符串参数.
并且变量的数量和字符串类型的长度必须与语句中的参数匹配.

$query_str= "SELECT name FROM table WHERE city IN ('Nashville','Knoxville')";

会变成

$query_str= "SELECT name FROM table WHERE city IN (?,?)";

现在bind_param必须是

bind_param("ss",$arg1,$arg2)

有了这个

$query_str= "SELECT name FROM table WHERE city IN (?)";

和bind_param一起使用

bind_param("s",$cities)

你得到

$query_str= "SELECT name FROM table WHERE city IN ('Nashville,Knoxville')";

这就是数组不起作用的原因.
这个事实的唯一解决方案是call_user_func_array

如果您初始化声明,则不必执行以下操作

$query_prepared = $mysqli->stmt_init();
if($query_prepared && $query_prepared->prepare($query_str)) {

这是对的

$query_prepared = $mysqli->stmt_init();
if($query_prepared->prepare($query_str)) {

如果你不想使用call_user_func_array
你只有一小部分参数
你可以使用以下代码完成.

[...]
$cities= explode(",", $_GET['cities']);
if (count($cities)>3) { echo "too many arguments"; }
else
{ 
$count = count($cities); 
$SetIn = "(";
  for($i = 0; $i < $count; ++$i) {    
      $code.='s';
      if ($i>0) {$SetIn.=",?";} else {$SetIn.="?";}
  }
$SetIn.=")";
$query_str= "SELECT name FROM table WHERE city IN ".$SetIn;
// with 2 arguments $query_str will look like
// SELECT name FROM table WHERE city IN (?,?)
$query_prepared = $mysqli->stmt_init();
if($query_prepared->prepare($query_str))
  {       
    if ($count==1) { $query_prepared->bind_param($code, $cities[0]);}
    if ($count==2) { $query_prepared->bind_param($code, $cities[0],$cities[1]);}
    if ($count==3) { $query_prepared->bind_param($code, $cities[0],$cities[1],$cities[2]);
    // with 2 arguments $query_prepared->bind_param() will look like
    // $query_prepared->bind_param("ss",$cities[0],$cities[1])      
  }    

    $query_prepared->execute();
  } 
 [...]
 }

我建议你尝试使用call_user_func_array来达到.

寻找nick9v的解决方案
mysqli-stmt.bind-param

标签:php,mysql,mysqli,sqlbindparameter
来源: https://codeday.me/bug/20190916/1807870.html