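Why would you want to call call_user_func_array(array($statement, 'bind_param'), $bind_arguments)? Because $bind_arguments is an array. You get to have one function that binds a statement to its query parameters, no matter how many parameters you have.
Example of good code...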
<?php
# link
$dblink = new mysqli('HOSTNAME','USERNAME','PASSWORD','DATABASENAME');
# example data
$statement = $dblink->prepare("SELECT * from Person WHERE FirstName = ? AND MiddleName = ? AND LastName = ? and Age = ?");
$recordvalues = ['John', 'H.', 'Smith', 25];
$sqlbindstring = "sssi"; # String, String, String, Integer example
# make the references
$bind_arguments = [];
$bind_arguments[] = $sqlbindstring;
foreach ($recordvalues as $recordkey => $recordvalue)
{
    $bind_arguments[] = & $recordvalues[$recordkey]; # bind to array ref, not to the temporary $recordvalue
}
# query the db
call_user_func_array(array($statement, 'bind_param'), $bind_arguments); # bind arguments
$statement->execute(); # run statement
$result = $statement->get_result(); # get results
# get the results
if ($result) {
    while ($row = $result->fetch_assoc()) {
        print("\n\nMy row is...");
        print_r($row);
    }
}
?>
Example of bad code...
<?php
# Same setup as above..
$statement->prepare("SELECT * from Person WHERE FirstName = ? AND MiddleName = ? AND LastName = ? and Age = ?");
$statement->bind('John', 'H.', 'Smith', 25);
?>
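In the first example: you can pass as many or as few bindings as needed, so bind() may be called in only one line in the entire application. This scales well.
In the second example: you must write one bind() statement for every possible group of insertions for every possible record in the database. This scales poorly.
I see my mistake; the first line should have been: $type = array("ss"); – Columbo 2009-12-16 10:59:49
In cases like this, I am convinced that PDO is better than mysqli. – 2018-01-03 17:51:47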
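The "one function that binds any number of parameters" idea from the answer above, written as a reusable helper. This is an added example, not code from the answer or its comments: the function names bind_types() and run_prepared() are hypothetical, and it uses PHP's argument-unpacking operator (PHP 5.6+) in place of call_user_func_array with a hand-built reference array. It assumes the mysqlnd driver for get_result() and reuses the answer's placeholder connection values and Person query.

```php
<?php
// Added example. Derive the bind_param() type string (e.g. "sssi") from the values.
function bind_types(array $values): string
{
    $types = '';
    foreach ($values as $value) {
        if (is_int($value)) {
            $types .= 'i';
        } elseif (is_float($value)) {
            $types .= 'd';
        } elseif (is_string($value) || $value === null) {
            $types .= 's'; // a PHP null is sent as SQL NULL
        } else {
            throw new InvalidArgumentException('unsupported type: ' . gettype($value));
        }
    }
    return $types;
}

// Hypothetical helper: prepare $sql, bind every element of $values, execute, return rows.
function run_prepared(mysqli $dblink, string $sql, array $values): array
{
    $statement = $dblink->prepare($sql);
    if ($statement === false) {
        throw new RuntimeException('prepare failed: ' . $dblink->error);
    }
    $values = array_values($values); // positional placeholders need a 0-based list
    if ($statement->param_count !== count($values)) {
        throw new InvalidArgumentException('placeholder count does not match value count');
    }
    if ($values !== []) {
        // Unpacking a variable lets bind_param() take each element by reference.
        $statement->bind_param(bind_types($values), ...$values);
    }
    if (!$statement->execute()) {
        throw new RuntimeException('execute failed: ' . $statement->error);
    }
    $result = $statement->get_result(); // false for statements with no result set
    return $result ? $result->fetch_all(MYSQLI_ASSOC) : [];
}

// Same placeholder connection values and Person query as the answer's example.
$dblink = new mysqli('HOSTNAME', 'USERNAME', 'PASSWORD', 'DATABASENAME');
$sql = 'SELECT * FROM Person WHERE FirstName = ? AND MiddleName = ? AND LastName = ? AND Age = ?';
$rows = run_prepared($dblink, $sql, ['John', 'H.', 'Smith', 25]);
print_r($rows);
```

Because every value reaches the server only through a bound placeholder, no caller has a reason to concatenate input into the SQL string, and the count check catches a query whose placeholders and values have drifted apart before it runs.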