动态构建PHP PDO MySQL查询

Question

我正在转换网站上的旧式MySQL/PHP查询。我有一个包含一系列复选框的页面。这被提交，查询是基于检查哪些复选框建（至少有6样以下）：

if (xxxxx) { 
    $furthersort=$furthersort."AND age_birth='yes' "; 
    } 
if (xxxxx) { 
    $furthersort=$furthersort."AND age_three='yes' "; 
    } 

... 

$prequery = "SELECT id from products WHERE product_categories LIKE '%$catid%' ".$furthersort."ORDER BY product_name ASC"; 

我想这在移动第二部分PHP这样的：

$query = $objDb->prepare("SELECT id from products WHERE product_categories LIKE ? ? ORDER BY product_name ASC"); 
$params3 = array('%$catid%',$furthersort); 
$query->execute($params3); 
while ($row = $query->fetch(PDO::FETCH_ASSOC)); 

但它不工作。由if创建的变量是正确的，所以我确定这是因为我错过了对准备部分如何解释信息的理解，但我需要朝正确的方向推动。

Answer 1

你有两个问题。首先，你只能为LIKE条件一个绑定参数，所以你必须声明，以及随后的条件：

$query = $objDb->prepare("SELECT id from products WHERE product_categories LIKE ? AND age_three = ? ORDER BY product_name ASC"); 

现在你可以在阵列中发送两个值现在

$furthersort = 'yes'; 
$params3 = array("%$catid%", $furthersort); 

，给予我们不知道如何设置$furthersort很难提供准确的东西供您使用，但对于您添加到查询中的每种情况而言，只要说明一下，就必须添加另一个绑定参数，如果您打算继续沿着创建动态查询的行。这样做的逻辑比我在这里展示的要复杂得多。

Answer 2

像Blanchard先生指出的那样，您似乎无意中在您的LIKE子句中添加了2个占位符，而不是1个占位符。它应该是：

  <?php 
      // RIGHT AFTER THE LIKE YOU HAD 2 PLACE-HOLDERS: ? ? RATHER THAN JUST 1: ? 
      if (xxxxx) { 
       // YOU ARE CONCATENATING "AND" DIRECTLY TO THE $furthersort VARIABLE WITHOUT A SPACE: WRONG... 
       // $furthersort = $furthersort."AND age_birth='yes' "; 
       $furthersort = $furthersort." AND age_birth='yes' "; 
      } 
     if (xxxxx) { 
       // YOU ARE CONCATENATING "AND" DIRECTLY TO THE $furthersort VARIABLE AGAIN WITHOUT A SPACE: WRONG... 
       // $furthersort = $furthersort."AND age_three='yes' "; 
       $furthersort = $furthersort." AND age_three='yes' "; 
      } 

     ... 

     $prequery = "SELECT id from products WHERE product_categories LIKE '%"; 
     $prequery .= $catid . "%' " . $furthersort. " ORDER BY product_name ASC "; // <== WHITE SPACE IS GRATIS IN MYSQL 


     $sql  = "SELECT id from products WHERE product_categories LIKE :CAT_ID ORDER BY product_name ASC"; 
     $query  = $objDb->prepare($sql); 
     // $params3 = array('%$catid%', $furthersort);  <== VARIABLE INSIDE SINGLE QUOTES!!! YOU MAY USE DOUBLE QUOTES... 
     $params3 = array("CAT_ID"=>"%" . $catid . "%" . $furthersort); 
     $query->execute($params3); 
     while ($row = $query->fetch(PDO::FETCH_ASSOC));