php mysqli準備好聲明

Question

嘿，我有一個快速的。有沒有辦法將變量包含到準備好的查詢中？例如：

$sql = "SELECT id, title, author, LEFT(description, 40) AS excerpt, 
       image_small, image_med, date 
     FROM posts 
     ORDER BY id DESC 
     LIMIT $start, $postsPerPage"; 

$result = $connect->prepare($sql) or die ('error'); 
$result->execute(); 
$result->bind_result($id, $title, $author, $excerpt, $image_small, $image_med, $date); 

謝謝！

Answer 1

找到更多的例子如下替換查詢中的變量：

$start = 1; $postsPerPage = 1; 
$sql = "SELECT id, title, author, LEFT(description, 40) AS excerpt, 
       image_small, image_med, date 
     FROM posts 
     ORDER BY id DESC 
     LIMIT ?, ?"; 

$stmt = $connect->prepare($sql) or die ('error'); 
$stmt->bind_param('ii', $start, $postsPerPage); 
$stmt->execute(); 
$stmt->bind_result($id, $title, $author, $excerpt, $image_small, $image_med, $date); 

while($stmt->fetch()) { 
    printf('<h1>%s</h1><p>%s <small> by %s on %s</small></p>', 
    htmlspecialchars($title), 
    htmlspecialchars($excerpt), 
    htmlspecialchars($author), 
    htmlspecialchars($date) 
); 
} 

此結合兩者問號到整數的$start$postsPerPage和（i）值。直接做準備語句中不使用變量，因爲那樣會（從消除解析時間間隔）

Answer 2

如果我沒有記錯，你必須使用bindParam和一個問號

$sql = "SELECT id, title, author, LEFT(description, 40) AS excerpt, 
       image_small, image_med, date 
     FROM posts 
     ORDER BY id DESC 
     LIMIT ?, ?"; 

$result = $connect->prepare($sql) or die ('error'); 
$result->bindParam(1, $start); 
$result->bindParam(2, $postsPerPage); 

你可以在你想http://php.net/manual/en/pdo.prepared-statements.php

Answer 3

• 使用問號在SQL您想要的變量值的佔位符擊敗預處理語句的全部目的成爲。使用mysqli_stmt::bind_param將值綁定到佔位符。