使用SET @variable=?在mysql准备好的语句中

PHP提供了现成的预处理语句和参数化查询，您可以直接使用它们。

$var1 = 1;
$var2 = 2;
$connection = new PDO($dsn, $user, $password);
$sql = 'SELECT * FROM table WHERE table.column1=:var1 AND table.column2=:var2 AND table.colum3=:varSum';
$statement = $connection->prepare($sql);
$statement->bindValue(':var1', $var1, PDO::PARAM_INT);
$statement->bindValue(':var2', $var2, PDO::PARAM_INT);
$statement->bindValue(':varSum', $var1 + $var2, PDO::PARAM_INT);
$statement->execute();

这段代码只是一个示例，没有经过测试。

你应该使用multi_query

    <?php
    $servername = "localhost";
    $username = "username";
    $password = "password";
    $dbname = "myDB";
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } 
    $sql=' SET @var1 = '.$v1.';
    SET @var2 = '.$v2.';
    SELECT * FROM table WHERE table.column1=@var1 
    AND table.column2=@var2
    AND table.colum3=@var1 * @var2;'
    if ($conn->multi_query($sql) === TRUE) {
        echo "New records created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
    $conn->close();
    ?>

这里有一个替代解决方案:将您的值输入到子查询中，然后您可以从那里引用它们:

function GetStuffFromTable(mysqli $db, int $column1, int $column2): array
{
    $sql = ' 
        SELECT * 
        FROM (SELECT ? var1, ? var2) vars
        INNER JOIN table 
        ON table.column1 = vars.var1 
        AND table.column2 = vars.var2
        AND table.column3 = vars.var1 * vars.var2;
    ';
    $statement = $db->prepare($sql);
    try
    {
        $statement->bind_param("ii", $column1, $column2);
        $statement->execute();
        $result = $stmt->get_result();
        return $statement->fetch_all($result);
    } finally {
        $statement->close();
    }
}

注意:我来这里是为了寻找同样问题的答案/我不太了解PHP，所以不能从PHP的角度评论这个解决方案的质量