2012-01-25 75 views
2

我的目的是找到匹配存儲在一個字符串的集合,該表中的所有項目進行搜索:使用IN指令用事先準備好的聲明中

$array=array("item1","item2","item3","item4");//This is dynamically filled, this is just an example 
$in_list = "'".implode("','",$array)."'";//that's why i use implode 

$stmt = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements where type IN ('.$in_list.')'); 

     $stmt->bind_param("s", $in_list); 
     $stmt->execute(); 
     $stmt->bind_result($libelle,$activite,$adresse,$tel,$lat,$lng); 

這似乎並不完美,它總是拋出我以下警告:

mysqli_stmt::bind_param() [<a href='mysqli-stmt.bind-param'>mysqli-stmt.bind-param</a>]: Number of elements in type definition string doesn't match number of bind variables in <b>/homepages/25/d399726988/htdocs/ 

如果我有一個參數,這將是顯而易見的:

$stmt = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements where type =?'); 
$stmt->bind_param("s", $parameter); 

但是由於我必須處理這個問題,對我來說變得有點複雜。

+0

你是怎麼得到,如果你打印'$ in_list' –

+0

這是一個列表用逗號分隔:'item1','item2','item3'' – Malloc

+1

[PDO with「WHERE ... IN」queries]的可能重複(http://stackoverflow.com/questions/2373562/pdo-with查詢中的問題) –

回答

4

準備好的語句沒有參數,因爲您在準備好之前已將列表插入到語句中。

$array=array("item1","item2","item3","item4"); 
//This is dynamically filled, this is just an example 
$in_list = "'".implode("','",$array)."'";//that's why i use implode 

$stmt = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements where type IN ('.$in_list.')'); 

在這一點上,你所創建的SQL語句是:

SELECT libelle,activite,adresse,tel,lat,lng 
FROM etablissements where type IN ('item1','Item2','Item3','Item4') 

由於聲明沒有參數,mysqli_stmt::bind_param失敗。而不是插入到聲明(易受注入)中的項目,插入一串參數,然後綁定值(必須保持分開)。

$array=array("item1","item2","item3","item4"); 

if (count($in_list) > 0) { 
    $query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)'); 

    $args = $in_list; 
    array_unshift($args, str_repeat('s', count($in_list))); 
    call_user_func_array(array($query, 'bind_param'), $args); 
    $query->execute(); 
    $query->bind_result($libelle,$activite,$adresse,$tel,$lat,$lng); 
} 

PDO的綁定接口更直接。

$array=array("item1","item2","item3","item4"); 

if (count($in_list) > 0) { 
    $query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)'); 

    foreach ($in_list as $i => $arg) { 
     // query params are 1-based, so add 1 to the index 
     // PDO::PARAM_STR is the default type, so no need to pass 3rd arg 
     $query->bindValue($i+1, $arg); 
    } 
    $query->execute(); 
    // no need to bind the result 
} 

事實上,它甚至可以與PDO簡單,因爲PDOStatement::execute可以採取的參數值的列表:

$array=array("item1","item2","item3","item4"); 

if (count($in_list) > 0) { 
    $query = $this->db->prepare('SELECT libelle,activite,adresse,tel,lat,lng FROM etablissements WHERE type IN (' . str_repeat('?, ', count($in_list)-1) . '?)'); 

    $query->execute($in_list); 
} 
相關問題