用户给出多个参数的mysql搜索查询

Question

我正在开发一个使用php的搜索选项。在那里，我需要使用用户给定条件的用户可以搜索做搜索时，用户给ID，名称，状态这三种parameters.below的组合是我的代码

if(isset($_POST['search'])) 
    { 
     echo "<script> document.getElementById('tblsearch').style.display = 'block' </script> "; 

     $serviceNumber=$_POST['serviceNumber']; 
     $name=$_POST['name']; 
     $pendingfrom=$_POST['pendingfrom']; 
     $status=$_POST['status']; 
     $datefrom=$_POST['datefrom']; 
     $dateto=$_POST['dateto']; 
     $searchkey='serviceNumber'; 




$mysqli = new mysqli("localhost", "root", "", "user_management"); 

/* check connection */ 
if (mysqli_connect_errno()) { 
    printf("Connect failed: %s\n", mysqli_connect_error()); 
    exit(); 
} 

    $query = 'SELECT * FROM user WHERE '; 
    $where = array(); 
    $values = array(); 
    $types = ''; 

    if (!empty($_POST['serviceNumber'])) { 
     $where[] = 'serviceNumber = ?'; 
     $values[] = $_POST['serviceNumber']; 
     $types .= 'i'; 
    } 

    if (!empty($_POST['name'])) { 
     $where[] = 'Username = ?'; 
     $values[] = $_POST['name']; 
     $types .= 's'; 
    } 

    if (!empty($_POST['status'])) { 
     $where[] = 'status = ?'; 
     $values[] = $_POST['status']; 
     $types .= 's'; 
    } 



     $query .= implode(' AND ',$where); 
     printf("rows inserted: %d\n", $query); 



    printf("rows inserted: %d\n", $values); 

/* prepare statement */ 
if ($stmt = $mysqli->prepare($query)) { 

    /* Bind variable for placeholder */ 

    $stmt->bind_param($types,$values); 

    /* execute statement */ 

    $stmt->execute(); 
    $res = $stmt->get_result(); 
    $row = $res->fetch_assoc(); 

    printf("rows inserted: %d\n", $stmt->num_rows); 

    /* close statement */ 
    $stmt->close(); 
} 

/* close connection */ 
    $mysqli->close(); 

below line i was going confused,because $values is an array.i need to pass user given paremeters to this in order to execute.

$stmt->bind_param($types,$values); 

so in order to get correct results how do i need to do this.

Answer 1

试试以下：

 if(isset($_POST['search'])) 
     { 
     echo "<script> document.getElementById('tblsearch').style.display = 'block' </script> "; 

    $serviceNumber=$_POST['serviceNumber']; 
    $name=$_POST['name']; 
    $pendingfrom=$_POST['pendingfrom']; 
    $status=$_POST['status']; 
    $datefrom=$_POST['datefrom']; 
    $dateto=$_POST['dateto']; 
    $searchkey='serviceNumber'; 




$mysqli = new mysqli("localhost", "root", "", "user_management"); 

/* check connection */ 
if (mysqli_connect_errno()) { 
printf("Connect failed: %s\n", mysqli_connect_error()); 
exit(); 
} 

$query = 'SELECT * FROM user WHERE '; 

if (!empty($_POST['serviceNumber'])) { 
    $query .="serviceNumber='$searchkey' "; 

} 

if (!empty($_POST['name'])) { 
      $query .="and Username='$name' "; 

} 

if (!empty($_POST['status'])) { 
    $where[] = 'status = ?'; 
    $values[] = $_POST['status']; 
      $query .=" and status='$status' "; 
} 




/* prepare statement */ 
if ($stmt = $mysqli->prepare($query)) { 

/* Bind variable for placeholder */ 

$stmt->bind_param($types,$values); 

/* execute statement */ 

$stmt->execute(); 
$res = $stmt->get_result(); 
$row = $res->fetch_assoc(); 

printf("rows inserted: %d\n", $stmt->num_rows); 

/* close statement */ 
$stmt->close(); 
} 

    /* close connection */ 
$mysqli->close(); 

希望这有助于。

Answer 2

您可以使用call_user_func_array()通过一组参数调用函数。参数需要存储为参考，以便传递给bind_param方法。长话短说，你需要一个数组，其中第一个值是一个字符串，其余的是对你的参数的引用。

例如：

$bindParams = [$types]; 
foreach ($values as $key => $value) { 
    $bindParams[$key] = &$value; 
} 

call_user_func_array(
    [$stmt, 'bind_param'], //array with the object and the method - callable 
    $bindParams 
);