PHP + MYSQLI:具有准备好的语句的可变参数/结果绑定 [英] PHP + MYSQLI: Variable parameter/result binding with prepared statements

问题描述

在我要结束的项目中，我已经编写并实现了PHP的对象关系映射解决方案.在怀疑者和做梦者大喊到底怎么了?"之前，请放松一下-我还没有找到一种方法来进行后期的静态绑定工作-我只是尽我所能地尽力而为. >

无论如何，由于我无法提出一种将可变数量的参数传递给bind_params()或bind_result()方法的方法，所以我目前没有使用准备好的语句进行查询.

您问，为什么我需要支持可变数量的参数?因为模型的超类(将我的解决方案看作是经过黑客攻击的PHP ActiveRecord的想像)是定义查询的位置，所以例如find()方法不知道需要绑定多少个参数.

现在，我已经考虑过构建一个参数列表并将字符串传递给eval()，但是我不太喜欢这种解决方案-我宁愿只是实现自己的安全检查并传递语句

有人对如何完成这项工作有任何建议(或成功案例)吗?如果您可以帮助我解决第一个问题，也许我们可以解决绑定结果集的问题(我怀疑这会更困难，或者如果涉及到用于确定表结构的初始查询，则至少会占用更多资源).

解决方案

在PHP中，您可以使用

Anyway, I'm not currently using prepared statements for querying, because I couldn't come up with a way to pass a variable number of arguments to the bind_params() or bind_result() methods.

Why do I need to support a variable number of arguments, you ask? Because the superclass of my models (think of my solution as a hacked-up PHP ActiveRecord wannabe) is where the querying is defined, and so the find() method, for example, doesn't know how many parameters it would need to bind.

Now, I've already thought of building an argument list and passing a string to eval(), but I don't like that solution very much -- I'd rather just implement my own security checks and pass on statements.

Does anyone have any suggestions (or success stories) about how to get this done? If you can help me solve this first problem, perhaps we can tackle binding the result set (something I suspect will be more difficult, or at least more resource-intensive if it involves an initial query to determine table structure).

解决方案

In PHP you can pass a variable number of arguments to a function or method by using call_user_func_array. An example for a method would be:

call_user_func_array(array(&$stmt, 'bindparams'), $array_of_params);

The function will be called with each member in the array passed as its own argument.

这篇关于PHP + MYSQLI:具有准备好的语句的可变参数/结果绑定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！