Php 使用IN指令搜索准备好的语句_Php_Mysql_Sql_Mysqli

Php 使用IN指令搜索准备好的语句

php mysql sql

Php 使用IN指令搜索准备好的语句,php,mysql,sql,mysqli,Php,Mysql,Sql,Mysqli,我的目的是查找表中与存储在字符串中的集合匹配的所有项： $array=array("item1","item2","item3","item4");//This is dynamically filled, this is just an example $in_list = "'".implode("','",$array)."'";//that's why i use implode $stmt = $this->db->prepare('SELECT libelle,acti

我的目的是查找表中与存储在字符串中的集合匹配的所有项：

$array=array("item1","item2","item3","item4");//This is dynamically filled, this is just an example
$in_list = "'".implode("','",$array)."'";//that's why i use implode

$stmt = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements where type IN ('.$in_list.')');

        $stmt->bind_param("s", $in_list);
        $stmt->execute();
        $stmt->bind_result($libelle,$activite,$adresse,$tel,$lat,$lng);

这似乎并不完美，它总是给我以下警告：

mysqli_stmt::bind_param() [<a href='mysqli-stmt.bind-param'>mysqli-stmt.bind-param</a>]: Number of elements in type definition string doesn't match number of bind variables in <b>/homepages/25/d399726988/htdocs/

但是由于我必须处理这个问题，它对我来说变得有点复杂。

准备好的语句没有参数，因为您在准备语句之前已将列表插入到语句中

$array=array("item1","item2","item3","item4");
//This is dynamically filled, this is just an example
$in_list = "'".implode("','",$array)."'";//that's why i use implode

$stmt = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements where type IN ('.$in_list.')');

此时，您创建的SQL语句是：

SELECT libelle,activite,adresse,tel,lat,lng 
FROM etablissements where type IN ('item1','Item2','Item3','Item4')

由于语句没有参数，

mysqli_stmt:：bind_param

失败。不要在语句中插入项（容易被注入），而是插入一个参数字符串，然后绑定值（必须分开）

PDO的绑定接口更简单

$array=array("item1","item2","item3","item4");

if (count($in_list) > 0) {
    $query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)');

    foreach ($in_list as $i => $arg) {
        // query params are 1-based, so add 1 to the index
        // PDO::PARAM_STR is the default type, so no need to pass 3rd arg
        $query->bindValue($i+1, $arg);
    }
    $query->execute();
    // no need to bind the result
}

事实上，PDO更简单，因为它可以获取参数值列表：

$array=array("item1","item2","item3","item4");

if (count($in_list) > 0) {
    $query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)');

    $query->execute($in_list);
}

准备好的语句没有参数，因为在准备语句之前已将列表插入语句中

$array=array("item1","item2","item3","item4");
//This is dynamically filled, this is just an example
$in_list = "'".implode("','",$array)."'";//that's why i use implode

$stmt = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements where type IN ('.$in_list.')');

此时，您创建的SQL语句是：

SELECT libelle,activite,adresse,tel,lat,lng 
FROM etablissements where type IN ('item1','Item2','Item3','Item4')

由于语句没有参数，

mysqli_stmt:：bind_param

失败。不要在语句中插入项（容易被注入），而是插入一个参数字符串，然后绑定值（必须分开）

PDO的绑定接口更简单

$array=array("item1","item2","item3","item4");

if (count($in_list) > 0) {
    $query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)');

    foreach ($in_list as $i => $arg) {
        // query params are 1-based, so add 1 to the index
        // PDO::PARAM_STR is the default type, so no need to pass 3rd arg
        $query->bindValue($i+1, $arg);
    }
    $query->execute();
    // no need to bind the result
}

事实上，PDO更简单，因为它可以获取参数值列表：

$array=array("item1","item2","item3","item4");

if (count($in_list) > 0) {
    $query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)');

    $query->execute($in_list);
}

如果您打印

$in_list

它是一个用逗号分隔的列表：

'item1'、'item2'、'item3'

可能重复的可能重复如果您打印

$in_list

它是一个用逗号分隔的列表：

'item1'、'item2'、'item3'

可能重复的可能重复的