1. 首页
  2. 问答
  3. 如何使用mysqli预处理语句绑定N个参数?

如何使用mysqli预处理语句绑定N个参数?

2012-06-22 56 views
0

在旧版本的MySQL的代码,我有低于该查询工作完全是在下面:如何使用mysqli预处理语句绑定N个参数?

$questioncontent = (isset($_GET['questioncontent'])) ? $_GET['questioncontent'] : ''; 

$searchquestion = $questioncontent; 
$terms = explode(" ", $searchquestion); 

$questionquery = " 
SELECT q.QuestionId, q.QuestionContent, o.OptionType, an.Answer, r.ReplyType, 
    FROM Answer an 
    INNER JOIN Question q ON q.AnswerId = an.AnswerId 
    JOIN Reply r ON q.ReplyId = r.ReplyId 
    JOIN Option_Table o ON q.OptionId = o.OptionId 

       WHERE "; 

    foreach ($terms as $each) {  
     $i++;   

     if ($i == 1){   
      $questionquery .= "q.QuestionContent LIKE `%$each%` ";  
      } else {   
       $questionquery .= "OR q.QuestionContent LIKE `%$each%` ";  
       } 
       } 

       $questionquery .= "GROUP BY q.QuestionId, q.SessionId ORDER BY "; $i = 0; foreach ($terms as $each) {  
        $i++;  

     if ($i != 1)   
     $questionquery .= "+";  
     $questionquery .= "IF(q.QuestionContent LIKE `%$each%` ,1,0)"; 
     } 

     $questionquery .= " DESC ";

但由于旧的MySQL是渐行渐远,人们都在说使用PDO或mysqli的(不能使用,因为PDO的版本的PHP我目前得到),我试着改变我的代码到mysqli,但这是给我的问题。在下面的代码中,我省去了bind_params命令,我的问题是如何在下面的查询中绑定参数?它需要能够结合多个$each因为用户能够在输入多个术语,并且每个$each被归类为一个术语。

下面是同一查询当前的mysqli代码:

 $questioncontent = (isset($_GET['questioncontent'])) ? $_GET['questioncontent'] : ''; 

     $searchquestion = $questioncontent; 
     $terms = explode(" ", $searchquestion); 

     $questionquery = " 
     SELECT q.QuestionId, q.QuestionContent, o.OptionType, an.Answer, r.ReplyType, 
      FROM Answer an 
      INNER JOIN Question q ON q.AnswerId = an.AnswerId 
      JOIN Reply r ON q.ReplyId = r.ReplyId 
      JOIN Option_Table o ON q.OptionId = o.OptionId 

         WHERE "; 

    foreach ($terms as $each) {  
       $i++;   

       if ($i == 1){   
    $questionquery .= "q.QuestionContent LIKE ? ";  
        } else {   
    $questionquery .= "OR q.QuestionContent LIKE ? ";  
         } 
         } 

$questionquery .= "GROUP BY q.QuestionId, q.SessionId ORDER BY "; $i = 0; foreach ($terms as $each) {  
          $i++;  

       if ($i != 1)   
       $questionquery .= "+";  
       $questionquery .= "IF(q.QuestionContent LIKE ? ,1,0)"; 
       } 

       $questionquery .= " DESC "; 



      $stmt=$mysqli->prepare($questionquery);  
      $stmt->execute(); 
      $stmt->bind_result($dbQuestionId,$dbQuestionContent,$dbOptionType,$dbAnswer,$dbReplyType); 
      $questionnum = $stmt->num_rows();

来源

2012-06-22 user1394925

回答

4

看看这个SO Post谈到有关使用call_user_func_arraybind_param()

PHP Docs on mysqli_stmt_bind_param它下面说...

注:

保健必须与call_user_func_array结合 使用mysqli_stmt_bind_param()时,应考虑()。需要注意的是mysqli_stmt_bind_param() 需要参数以引用的方式传递,而 call_user_func_array()可以作为参数接受的变量 可以表示的引用或值的列表。

你要使用这样的

call_user_func_array(array($stmt, 'bind_param'), $terms);

,它是由你来确保?字符正确的号码出现在你的SQL字符串$stmt

[编辑]

这里的工作示例

// user entered search strings 
$user_terms = array("a", "b", "c"); 

// append your wildcard "%" to all elements. you must use "&" reference on &$value 
foreach ($user_terms as &$value) { 
    $value = '%'.$value.'%'; 
} 

$types = ""; 
for($i = 0; $i<sizeof($user_terms); $i++) { 
    $types .= "s"; 
} 

$terms = array_merge(array($types), $user_terms); 

// the array $terms now contains: { "sss", "%a%", "%b%", "%c%" } 

$sql = "SELECT ... ?,?,?" // edit your sql here 

$stmt = $mysqli->prepare($sql) 

call_user_func_array(array($stmt, 'bind_param'), $terms);

来源

2012-06-22 08:34:53 Brad

+0

我会搏一搏,但我猜的代码行会是这样的:'call_user_func_array(阵列($语句,'bind_param'),$ each); '?我也需要将$与$ each连接起来,因为它是一个LIKE语句?莫非这样代替'call_user_func_array(阵列($语句, 'bind_param'),$每= '%' $各 '%'。); '? – user1394925

+0

好的,我尝试这样:'call_user_func_array(阵列($语句, 'bind_param'),$每= '%' $各 '%'。); '但是如果我在正确的词语输入诸如“AAA”,它无法找到结果作为旧版本的MySQL代码,它没有找到工作的结果代码 – user1394925

+0

更新的答案。关键是要确保'$ types'变量具有相同数量的's'字符作为搜索$ user_terms也必须在'$ sql'匹配的'?'字符数 – Brad

相关问题

 相关问题