Php 使用IN指令搜索准备好的语句
我的目的是查找表中与存储在字符串中的集合匹配的所有项:Php 使用IN指令搜索准备好的语句,php,mysql,sql,mysqli,Php,Mysql,Sql,Mysqli,我的目的是查找表中与存储在字符串中的集合匹配的所有项: $array=array("item1","item2","item3","item4");//This is dynamically filled, this is just an example $in_list = "'".implode("','",$array)."'";//that's why i use implode $stmt = $this->db->prepare('SELECT libelle,acti
$array=array("item1","item2","item3","item4");//This is dynamically filled, this is just an example
$in_list = "'".implode("','",$array)."'";//that's why i use implode
$stmt = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements where type IN ('.$in_list.')');
$stmt->bind_param("s", $in_list);
$stmt->execute();
$stmt->bind_result($libelle,$activite,$adresse,$tel,$lat,$lng);
这似乎并不完美,它总是给我以下警告:
mysqli_stmt::bind_param() [<a href='mysqli-stmt.bind-param'>mysqli-stmt.bind-param</a>]: Number of elements in type definition string doesn't match number of bind variables in <b>/homepages/25/d399726988/htdocs/
但是由于我必须处理这个问题,它对我来说变得有点复杂。准备好的语句没有参数,因为您在准备语句之前已将列表插入到语句中
$array=array("item1","item2","item3","item4");
//This is dynamically filled, this is just an example
$in_list = "'".implode("','",$array)."'";//that's why i use implode
$stmt = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements where type IN ('.$in_list.')');
此时,您创建的SQL语句是:
SELECT libelle,activite,adresse,tel,lat,lng
FROM etablissements where type IN ('item1','Item2','Item3','Item4')
由于语句没有参数,mysqli_stmt::bind_param
失败。不要在语句中插入项(容易被注入),而是插入一个参数字符串,然后绑定值(必须分开)
PDO的绑定接口更简单
$array=array("item1","item2","item3","item4");
if (count($in_list) > 0) {
$query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)');
foreach ($in_list as $i => $arg) {
// query params are 1-based, so add 1 to the index
// PDO::PARAM_STR is the default type, so no need to pass 3rd arg
$query->bindValue($i+1, $arg);
}
$query->execute();
// no need to bind the result
}
事实上,PDO更简单,因为它可以获取参数值列表:
$array=array("item1","item2","item3","item4");
if (count($in_list) > 0) {
$query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)');
$query->execute($in_list);
}
准备好的语句没有参数,因为在准备语句之前已将列表插入语句中
$array=array("item1","item2","item3","item4");
//This is dynamically filled, this is just an example
$in_list = "'".implode("','",$array)."'";//that's why i use implode
$stmt = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements where type IN ('.$in_list.')');
此时,您创建的SQL语句是:
SELECT libelle,activite,adresse,tel,lat,lng
FROM etablissements where type IN ('item1','Item2','Item3','Item4')
由于语句没有参数,mysqli_stmt::bind_param
失败。不要在语句中插入项(容易被注入),而是插入一个参数字符串,然后绑定值(必须分开)
PDO的绑定接口更简单
$array=array("item1","item2","item3","item4");
if (count($in_list) > 0) {
$query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)');
foreach ($in_list as $i => $arg) {
// query params are 1-based, so add 1 to the index
// PDO::PARAM_STR is the default type, so no need to pass 3rd arg
$query->bindValue($i+1, $arg);
}
$query->execute();
// no need to bind the result
}
事实上,PDO更简单,因为它可以获取参数值列表:
$array=array("item1","item2","item3","item4");
if (count($in_list) > 0) {
$query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)');
$query->execute($in_list);
}
如果您打印
$in_list
它是一个用逗号分隔的列表:'item1'、'item2'、'item3'
可能重复的可能重复如果您打印$in_list
它是一个用逗号分隔的列表:'item1'、'item2'、'item3'
可能重复的可能重复的