PHP: rewriting a query inside a loop in PDO format

I'm new to PDO and am currently trying to rewrite all of my queries. One query I'm having trouble rewriting is this one, because it is written inside a loop:

$search = $_GET['search'];
$code = explode(" ", $search);
$code_count = count($code);
$query = "SELECT * FROM table";
if($search != "")
{
    if($code_count == 1)
    {
        $query .= " WHERE team LIKE '%".mysql_real_escape_string($search)."%'";
    } elseif($code_count > 1)
    {
        for($j=0;$j<$code_count;$j++)
        {
            if($j != 0)
            {
                $query .= " OR ";
            } else
            {
                $query .= " WHERE team LIKE '%".mysql_real_escape_string($code[$j])."%' OR ";
            }
            $query .= " team LIKE '%".mysql_real_escape_string($code[$j])."%'";
        }
        $query .= "ORDER BY team ASC";
    }
} else
{
    $query = "SELECT * FROM table ORDER BY team ASC";
}
$result = mysql_query($query)or die(mysql_error());

// ...
        $stmt = $db->prepare($query);
        $stmt->bindValue(1, "%$search%", PDO::PARAM_STR);
        $stmt->execute();
    } elseif($code_count > 1)
    {
        for($j=0;$j<$code_count;$j++)
        {
            // ...
            $stmt = $db->prepare($query);
            $stmt->bindValue(1, "%$code[$j]%", PDO::PARAM_STR);
            $stmt->execute();
        }
        $query .= "ORDER BY team ASC";
    }
} else
{
    $query = "SELECT * FROM table ORDER BY team ASC";
}
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);

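I haven't had much luck with this approach. I keep getting an error message: "Invalid parameter number: number of bound variables does not match number of tokens"
Any ideas?
Thanks
Lance

When you don't specify names yourself, bound parameters are named 1 to n. You need to change this line: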
$stmt->bindValue(1, "%$code[$j]%", PDO::PARAM_STR);
to this:
$stmt->bindValue($j + 1, "%" . $code[$j] . "%", PDO::PARAM_STR);
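
There are several mistakes in your rewrite:
- You call prepare/bind/execute several times while the query is still being constructed. You should call prepare only once, after the query string has been fully constructed, and then call bind + execute.
- In each iteration of the loop you add one or two (if j==0) parameters to the query, but you try to bind only one parameter per iteration, so the numbers don't add up.
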
// building query
if($search != "")
{
    $query = 'SELECT * FROM table ';
    if($code_count == 1)
    {
        // note: this if is unnecessary, the loop below would generate a good SQL even for code_count 0 or 1
        $query .= "WHERE team LIKE ?";
    } elseif($code_count > 1)
    {
        for($j=0;$j<$code_count;$j++)
        {
            if($j != 0)
            {
                $query .= " OR ";
            } else
            {
                $query .= " WHERE ";
            }
            $query .= " team LIKE ? ";
        }
        $query .= "ORDER BY team ASC";
    }
} else
{
    $query = "SELECT * FROM table ORDER BY team ASC";
}
// preparing
$stmt = $db->prepare($query);
// binding parameters
if($search != '' && $code_count >= 1) {
    for($j=0;$j<$code_count;$j++){
        $stmt->bindValue($j+1, "%".$code[$j]."%", PDO::PARAM_STR);
    }
}
// execute
$stmt->execute();
// fetch
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);

Since you can pass an array of parameters to execute() instead of binding each one manually, the whole process can be greatly simplified:

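$code = explode(' ', $_GET['search']);
// CONCAT wraps each bound term in % wildcards, so the match stays a substring match like the original query
$stmt = $db->prepare('
    SELECT *
    FROM table
    WHERE FALSE ' . str_repeat(" OR team LIKE CONCAT('%', ?, '%')", count($code)) . '
    ORDER BY team ASC
');
// execute() binds the array elements to the placeholders in order
$stmt->execute($code);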
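
The points made in the answers above (finish the SQL string first, prepare once, supply exactly one value per placeholder), as an added example that is not part of the original thread. It goes a little further by dropping empty search tokens and escaping `%` and `_` in user input; the `teams` table, the helper names `likeTerm()` and `searchTeams()`, and the sample rows are assumptions, and the demo runs against in-memory SQLite.

```php
<?php
// Added example, not from the original thread. Assumed names: table "teams",
// helpers likeTerm() and searchTeams(); the sample rows are constructed.

// Escape LIKE metacharacters so user input matches literally ("!" is the ESCAPE char).
function likeTerm(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

function searchTeams(PDO $db, string $search): array
{
    // Split on any whitespace run and drop empty tokens ("a  b" must not yield '').
    $terms = preg_split('/\s+/', trim($search), -1, PREG_SPLIT_NO_EMPTY);

    $sql = 'SELECT * FROM teams';
    if ($terms) {
        // One "team LIKE ?" per term, so the placeholder count always equals count($terms).
        $clauses = array_fill(0, count($terms), "team LIKE ? ESCAPE '!'");
        $sql .= ' WHERE ' . implode(' OR ', $clauses);
    }
    $sql .= ' ORDER BY team ASC';

    // Prepare once, after the string is complete; execute once with all values.
    $stmt = $db->prepare($sql);
    $stmt->execute(array_map('likeTerm', $terms));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demo on an in-memory SQLite database (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE teams (team TEXT)');
$insert = $db->prepare('INSERT INTO teams (team) VALUES (?)');
foreach (['Red Lions', 'Blue_Hawks', '100% Club', 'Green Bears'] as $name) {
    $insert->execute([$name]);
}

// Constructed inputs: two terms, a bare wildcard, an injection-style string, empty search.
foreach (['lions bears', '%', "' OR 1=1 --", ''] as $input) {
    $names = array_column(searchTeams($db, $input), 'team');
    printf("%-16s => %s\n", var_export($input, true), implode(', ', $names));
}
```

The `ESCAPE '!'` clause is accepted by both MySQL and SQLite, so the same query text works when `$db` points at a MySQL connection.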