0

在旧的 mysql 代码中,我有一个查询,它运行良好,如下所示:

$questioncontent = (isset($_GET['questioncontent'])) ? $_GET['questioncontent'] : '';

$searchquestion = $questioncontent;
$terms = explode(" ", $searchquestion);

$questionquery = "
SELECT q.QuestionId, q.QuestionContent, o.OptionType, an.Answer, r.ReplyType, 
  FROM Answer an 
  INNER JOIN Question q ON q.AnswerId = an.AnswerId
  JOIN Reply r ON q.ReplyId = r.ReplyId 
  JOIN Option_Table o ON q.OptionId = o.OptionId 

                 WHERE ";

    foreach ($terms as $each) {     
        $i++;         

        if ($i == 1){         
            $questionquery .= "q.QuestionContent LIKE `%$each%` ";     
            } else {         
                $questionquery .= "OR q.QuestionContent LIKE `%$each%` ";    
                 } 
                 }  

                 $questionquery .= "GROUP BY q.QuestionId, q.SessionId ORDER BY "; $i = 0; foreach ($terms as $each) {     
                     $i++;      

        if ($i != 1)         
        $questionquery .= "+";     
        $questionquery .= "IF(q.QuestionContent LIKE `%$each%` ,1,0)"; 
        } 

        $questionquery .= " DESC ";

但是由于旧的 mysql 正在逐渐消失,人们说要使用 PDO 或 mysqli(由于我目前拥有的 php 版本,不能使用 PDO),我尝试将我的代码更改为 mysqli,但这给我带来了问题。在下面的代码中,我省略了 bind_params 命令,我的问题是如何在下面的查询中绑定参数?它需要能够绑定多个$each,因为用户能够输入多个术语,并且每个$each都被归类为术语。

以下是同一查询的当前 mysqli 代码:

     $questioncontent = (isset($_GET['questioncontent'])) ? $_GET['questioncontent'] : '';

        $searchquestion = $questioncontent;
        $terms = explode(" ", $searchquestion);

        $questionquery = "
        SELECT q.QuestionId, q.QuestionContent, o.OptionType, an.Answer, r.ReplyType, 
          FROM Answer an 
          INNER JOIN Question q ON q.AnswerId = an.AnswerId
          JOIN Reply r ON q.ReplyId = r.ReplyId 
          JOIN Option_Table o ON q.OptionId = o.OptionId 

                         WHERE ";

    foreach ($terms as $each) {     
                $i++;         

                if ($i == 1){         
  $questionquery .= "q.QuestionContent LIKE ? ";     
                    } else {         
  $questionquery .= "OR q.QuestionContent LIKE ? ";    
                         } 
                         }  

 $questionquery .= "GROUP BY q.QuestionId, q.SessionId ORDER BY "; $i = 0; foreach ($terms as $each) {     
                             $i++;      

                if ($i != 1)         
                $questionquery .= "+";     
                $questionquery .= "IF(q.QuestionContent LIKE ? ,1,0)"; 
                } 

                $questionquery .= " DESC ";



            $stmt=$mysqli->prepare($questionquery);      
            $stmt->execute();
            $stmt->bind_result($dbQuestionId,$dbQuestionContent,$dbOptionType,$dbAnswer,$dbReplyType); 
            $questionnum = $stmt->num_rows();
4

1 回答 1

4

看看这篇关于call_user_func_array与.bind_param()

mysqli_stmt_bind_param 上的 PHP 文档中,它说以下...

笔记:

将 mysqli_stmt_bind_param() 与 call_user_func_array() 一起使用时必须小心。请注意,mysqli_stmt_bind_param() 需要通过引用传递参数,而 call_user_func_array() 可以接受可以表示引用或值的变量列表作为参数。

你会想要使用这样的东西

call_user_func_array(array($stmt, 'bind_param'), $terms);

您可以确保?SQL 字符串中出现正确数量的字符$stmt

[编辑]

这是一个工作示例

// user entered search strings
$user_terms = array("a", "b", "c");

// append your wildcard "%" to all elements. you must use "&" reference on &$value
foreach ($user_terms as &$value) {
    $value = '%'.$value.'%';
}

$types = "";
for($i = 0; $i<sizeof($user_terms); $i++) {
    $types .= "s";
}

$terms = array_merge( array($types), $user_terms);

// the array $terms now contains: { "sss", "%a%", "%b%", "%c%" }

$sql = "SELECT ... ?,?,?"    // edit your sql here

$stmt = $mysqli->prepare($sql)

call_user_func_array(array($stmt, 'bind_param'), $terms);
于 2012-06-22T08:34:53.183 回答