如何将未知数量的参数与Mysqli绑定?例如,按照我的代码:
<?php
include 'config.php';
$query = "SELECT * FROM table WHERE";
if(isset($_POST['r1']))
$query = $query." id = '$_POST['r1']'";
if(isset($_POST['r2']))
$query = $query." AND par2 = '$_POST['r2']'";
$e = mysqli_prepare($conf, $query);
?>
如何进行参数绑定?
准备好的语句可能不是最好的方法。只要确保转义任何用户输入,就可以像现在这样组装查询。例如:
<?php
// assuming $db is a mysqli object
$query = "SELECT * FROM table WHERE";
if(isset($_POST['r1']))
$query = $query."id = '".$db->real_escape_string($_POST['r1'])."'";
if(isset($_POST['r2']))
$query = $query." AND par2 = '".$db->real_escape_string($_POST['r2'])."'";
$result = $db->query($query);
?>
不要忘记添加任何必需的错误检查。