Mysqli绑定-参数数量未知 [英] Mysqli bind - unknown number of parameters

问题描述

如何将未知数量的参数与Mysqli绑定?例如，按照我的代码:

How to bind unknown number of parameters with Mysqli? For example, following my code:

<?php
include 'config.php';
$query = "SELECT * FROM table WHERE";
if(isset($_POST['r1']))
  $query = $query." id = '$_POST['r1']'";
if(isset($_POST['r2']))
  $query = $query." AND par2 = '$_POST['r2']'";
$e = mysqli_prepare($conf, $query);
?>

如何绑定参数?

推荐答案

准备的语句可能不是最好的方法.只要您确保逃避任何用户输入，就可以按照自己的方式组装查询.例如:

Prepared statements probably aren't the best way to do this. You can assemble a query just as you are doing, as long as you make sure that you escape any user input. For example:

<?php

// assuming $db is a mysqli object

$query = "SELECT * FROM table WHERE";
if(isset($_POST['r1']))
  $query = $query."id = '".$db->real_escape_string($_POST['r1'])."'";
if(isset($_POST['r2']))
  $query = $query." AND par2 = '".$db->real_escape_string($_POST['r2'])."'";

$result = $db->query($query);
?>

别忘了添加任何必需的错误检查.

Don't forget to add any required error checking.

这篇关于Mysqli绑定-参数数量未知的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！