如果我們假設,$ answer和$ fullname是您的quiz_answer和user_fullname參數。 這可能會實現:
$answerString = 'IS NULL';
$userString = 'IS NULL';
if (trim($answer) && $answer != 'null') $answerString = '= ?';
if (trim($user) && $user != 'null') $userString = '= ?';
$query="DELETE FROM table WHERE ( quiz_answer $answerString ) AND (user_fullname $userString)";
$stmt = $mysqli->prepare($query);
if ($answer && ! $fullname) $stmt->bind_param('s',array($answer));
if ($answer && $fullname) $stmt->bind_param('ss',array($answer, $fullname));
if (! $answer && $fullname) $stmt->bind_param('s',array($fullname));
$stmt->execute();
,但我也建議更多的PARAM驗證被甚至參數結合將它們插入到SQL查詢之前執行。
我不明白你爲什麼要將參數綁定到MySQL語法? – BenM
檢查http://www.php.net/manual/en/mysqli.prepare.php – Damodaran
我想用bind參數來防止sql注入 –