我试图将简单的MySQLi查询转换为PDO准备语句这是旧代码
if($mode=='')
{
$query="SELECT * FROM items WHERE 1";
if($CuisineId != '')
{
$query=$query. " AND CuisineId='$CuisineId' ";
}
if($CategoryId != '')
{
$query=$query. " AND CategoryId='$CategoryId' ";
}
if($DietId != '')
{
$query=$query. " AND DietId='$DietId' ";
}
$query=$query. " ORDER BY Name ";
$result= execute_query($con,$query) or die(mysqli_error($con));
echo "<option value=''>Select One</option>";
while ($row=mysqli_fetch_array($result)) {
echo "<option value=". $row['Id'] .">" . $row['Name'] . "</option>";
}
}
带有预准备语句的新代码看起来像这样,并且工作正常
if($mode=='')
{
$query="SELECT * FROM items WHERE 1";
if($CuisineId != '')
{
$query=$query. " AND CuisineId=? ";
}
if($CategoryId != '')
{
$query=$query. " AND CategoryId=? ";
}
if($DietId != '')
{
$query=$query. " AND DietId=? ";
}
$query=$query. " ORDER BY Name ";
$stmt = $con->prepare($query);
$stmt->execute(array($CuisineId,$CategoryId,$DietId));
$stmt->setFetchMode(PDO::FETCH_ASSOC);
echo "<option value=''>Select One</option>";
while($row = $stmt->fetch()) {
echo "<option value=". $row['Id'] .">" . $row['Name'] . "</option>";
}
}
这个新代码工作正常,但这是新代码中最坏的情况。如果$CuisineId
或$CategoryId
或$DietId
为空怎么办?查询不会连接,并将在此行上引发错误
$stmt->execute(array($CuisineId,$CategoryId,$DietId));
如果我开始做 IF ELSE 将有所有的可能性,这将使我的代码太长。有什么办法可以解决这个问题吗?
提前谢谢你:)
不需要与此查询连接
SELECT *
FROM items
WHERE (? is null or CuisineId = ?)
and (? is null or CategoryId = ?)
and (? is null or DietId = ?)
ORDER BY Name