Mysqli绑定-参数数量未知 [英] Mysqli bind - unknown number of parameters
本文介绍了Mysqli绑定-参数数量未知的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
如何将未知数量的参数与Mysqli绑定?例如,按照我的代码:
How to bind unknown number of parameters with Mysqli? For example, following my code:
<?php
include 'config.php';
$query = "SELECT * FROM table WHERE";
if(isset($_POST['r1']))
$query = $query." id = '$_POST['r1']'";
if(isset($_POST['r2']))
$query = $query." AND par2 = '$_POST['r2']'";
$e = mysqli_prepare($conf, $query);
?>
如何绑定参数?
推荐答案
准备的语句可能不是最好的方法.只要您确保逃避任何用户输入,就可以按照自己的方式组装查询.例如:
Prepared statements probably aren't the best way to do this. You can assemble a query just as you are doing, as long as you make sure that you escape any user input. For example:
<?php
// assuming $db is a mysqli object
$query = "SELECT * FROM table WHERE";
if(isset($_POST['r1']))
$query = $query."id = '".$db->real_escape_string($_POST['r1'])."'";
if(isset($_POST['r2']))
$query = $query." AND par2 = '".$db->real_escape_string($_POST['r2'])."'";
$result = $db->query($query);
?>
别忘了添加任何必需的错误检查.
Don't forget to add any required error checking.
这篇关于Mysqli绑定-参数数量未知的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文