Php 传递参数查询
我正试图从城市获取lat、lng。当我最近在查询中写下城市“Buffalo”时,它起作用了。我想使用不同的城市Php 传递参数查询,php,mysql,Php,Mysql,我正试图从城市获取lat、lng。当我最近在查询中写下城市“Buffalo”时,它起作用了。我想使用不同的城市 public function getLatLng($data, $city) { $count_data = count($data); for($i = 0; $i < $count_data; $i++) { $latlngs = array(); $stmt = $this -> conn -> prepare(
public function getLatLng($data, $city) {
$count_data = count($data);
for($i = 0; $i < $count_data; $i++) {
$latlngs = array();
$stmt = $this -> conn -> prepare("SELECT g.lat, g.lng
FROM news_locations AS nl INNER JOIN geolocations AS g
ON g.geolocation_id = nl.geolocation_id
WHERE nl.news_id = ". $data[$i]["news_id"] ."
AND nl.is_deleted = 0 AND g.city = 'Buffalo'");
if ($stmt -> execute()) {
$stmt -> bind_result($lat, $lng);
while($stmt -> fetch()) {
$row = array();
$row["lat"] = $lat;
$row["lng"] = $lng;
array_push($latlngs, $row);
}
$stmt -> close();
}
$data[$i]['latlng'] = array_values($latlngs);
}
return $data;
}
也试过
AND g.city = :city");
if ($stmt -> execute(array('city' => $city))) {
两者都不起作用。如何将参数$city传递给查询?连接字符串和变量:
g.city = '" . $city . "'"
比如:
您必须将变量绑定到sql语句。@Jumana您得到的指导很差。如果您在应用程序中使用了接受的答案,那么您的应用程序是不安全的。即使这样做有效,也不是最佳做法,因为它无法利用准备好的语句来保护查询。任何人都不应该使用这个答案。
g.city = '" . $city . "'"
$stmt = $this -> conn -> prepare("SELECT g.lat, g.lng
FROM news_locations AS nl INNER JOIN geolocations AS g
ON g.geolocation_id = nl.geolocation_id
WHERE nl.news_id = ". $data[$i]["news_id"] ."
AND nl.is_deleted = 0 AND g.city = '" . $city . "'");