Php 将SQL查询更改为具有条件的已准备语句
我正在尝试将此查询更改为带有prepared语句的查询,但由于条件原因,我遇到了一些问题。 这是我的基本疑问:Php 将SQL查询更改为具有条件的已准备语句,php,mysql,prepared-statement,Php,Mysql,Prepared Statement,我正在尝试将此查询更改为带有prepared语句的查询,但由于条件原因,我遇到了一些问题。 这是我的基本疑问: function ResponseByQuery($link,$idQuery,$Boutique=null, $agency=null){ $from_agence = ""; $req_agence = ""; $req_boutique = ""; if($Boutique!=null){ $req_boutique = " AN
function ResponseByQuery($link,$idQuery,$Boutique=null, $agency=null){
$from_agence = "";
$req_agence = "";
$req_boutique = "";
if($Boutique!=null){
$req_boutique = " AND C.idUser ='" . $Boutique . "' ";
}
if($agency!=null){
$from_agence = ", infos_client as IRC2";
$req_agence = " AND IRC.idClient = IRC2.idClient
AND IRC2.valueInfo = '". $agency."'";
}
$sql = "SELECT distinct(C.idClient), R.indiceRequete
FROM `infos_client` as IRC, client as C, user as U, requete as R ".$from_agence."
WHERE IRC.idQuery='" . $idQuery . "'".
$req_boutique.
"AND IRC.idCl = C.idCl
AND C.idUser=U.idUser".$req_agence;
$result = mysqli_query($link,$sql) or die("Query (- $sql -) failed");
$count = mysqli_num_rows($result);
}
我把它改成这样:
function ResponseByQuery($link,$idQuery,$Boutique=null, $agency=null){
$from_agence = "";
$req_agence = "";
$req_boutique = "";
if($Boutique!=null){
$req_boutique = " AND C.idUser ='" . $Boutique . "' ";
}
if($agency!=null){
$from_agence = ", infos_client as IRC2";
$req_agence = " AND IRC.idClient = IRC2.idClient
AND IRC2.valueInfo = '". $agency."'";
}
$sql = "SELECT distinct(C.idClient), R.indiceRequete
FROM `infos_client` as IRC, client as C, user as U, requete as R ".$from_agence."
WHERE IRC.idQuery =?".
$req_boutique.
"AND IRC.idCl = C.idCl
AND C.idUser=U.idUser".$req_agence;
$stmt = $link->prepare($sql);
$stmt->bind_param('i', $idQuery);
$result = $stmt->execute() or die("Query (- $sql -) failed");
$result = $stmt->get_result();
$count = mysqli_num_rows($result);
}
但我不知道如何将条件$req_finite、$req_agence更改为prepared语句?您可以用占位符替换$req_finite和$req_agence条件中的内联变量,然后有条件地将值绑定到它们:
if($Boutique!=null){
$req_boutique = " AND C.idUser = ? ";
}
if($agency!=null){
$from_agence = ", infos_client as IRC2";
$req_agence = " AND IRC.idClient = IRC2.idClient
AND IRC2.valueInfo = ? ";
}
$sql = "SELECT distinct(C.idClient), R.indiceRequete
FROM `infos_client` as IRC, client as C, user as U, requete as R ".$from_agence."
WHERE IRC.idQuery =? ".
$req_boutique.
"AND IRC.idCl = C.idCl
AND C.idUser=U.idUser".$req_agence;
$stmt = $link->prepare($sql);
$types = 'i';
$vars = [$idQuery];
if ($Boutique != null) {
$types .= 's';
$vars[] = $Boutique;
}
if ($agency!= null) {
$types .= 's';
$vars[] = $agency;
}
$stmt->bind_param($types, ...$vars);
如果您使用PDO而不是mysqli,那会容易得多。是的,但是我在我的所有项目中都使用了mysqli:请同时阅读这两个链接:谢谢。我尝试了如下方法:ifstrlen$types==1{$stmt->bind_param$types,$vars[0];}否则ifstrlen$types==2{$stmt->bind_param$types,$vars[0],$vars[1]}else ifstrlen$bindTypes===3{$stmt->bind_-param$types,$vars[0],$vars[1],$vars[2];}$stmt->bind_-param$types,$vars;但我有一个错误:未捕获错误:在中调用布尔值上的成员函数bind_param..您是否尝试了我发布的代码?该错误意味着准备失败,您可以尝试echo$link->error;在prepare?Yes之后,它是mysql查询中的一个错误空间。我现在修好了,它可以工作了。非常感谢你有一个美好的一天:@ WebDeV如果它工作,请考虑标记答案接受。当其他用户搜索类似的问题时,它的排名会更高。你知道如何用一个准备好的语句插入一个数组吗?我的数组:$array_info[]=NULL'$idQuery。“,”。addslashes$标题。“,”。addslashes$data[$indData-1];初始查询$sql=插入到info\u客户端IDIFOClient、idQuery、libInfo、valueInfo值中。内爆$array_info;;我将其更改为:$sql=INSERT-INTO-info_-client-idInfoClient、idQuery、libInfo、valueInfo-VALUES$stmt=$link->prepare$sql$stmt->param_count's',内爆$array_info[],;