php mysqli预准备语句
php mysqli预准备语句
提问于 2011-03-21 16:10:52
嘿,我有一个很快的。有没有办法将变量包含在准备好的查询中?示例:
$sql = "SELECT id, title, author, LEFT(description, 40) AS excerpt,
image_small, image_med, date
FROM posts
ORDER BY id DESC
LIMIT $start, $postsPerPage";
$result = $connect->prepare($sql) or die ('error');
$result->execute();
$result->bind_result($id, $title, $author, $excerpt, $image_small, $image_med, $date);谢谢!
回答 3
Stack Overflow用户
回答已采纳
发布于 2011-03-21 16:20:22
您需要以下内容:
$start = 1; $postsPerPage = 1;
$sql = "SELECT id, title, author, LEFT(description, 40) AS excerpt,
image_small, image_med, date
FROM posts
ORDER BY id DESC
LIMIT ?, ?";
$stmt = $connect->prepare($sql) or die ('error');
$stmt->bind_param('ii', $start, $postsPerPage);
$stmt->execute();
$stmt->bind_result($id, $title, $author, $excerpt, $image_small, $image_med, $date);
while($stmt->fetch()) {
printf('<h1>%s</h1><p>%s <small> by %s on %s</small></p>',
htmlspecialchars($title),
htmlspecialchars($excerpt),
htmlspecialchars($author),
htmlspecialchars($date)
);
}这会将两个问号绑定到$start和$postsPerPage的整数(i)值。不要在预准备语句中直接使用变量,因为这将违背预准备语句的全部目的(除了消除解析时间之外)
Stack Overflow用户
发布于 2011-03-21 16:23:59
- 将问号用作SQL中您希望变量的值所在的占位符。
- 使用mysqli_stmt::bind_param将值绑定到占位符。
Stack Overflow用户
发布于 2011-03-21 16:20:15
如果我没记错的话,您必须使用bindParam并将查询中的变量替换为问号
$sql = "SELECT id, title, author, LEFT(description, 40) AS excerpt,
image_small, image_med, date
FROM posts
ORDER BY id DESC
LIMIT ?, ?";
$result = $connect->prepare($sql) or die ('error');
$result->bindParam(1, $start);
$result->bindParam(2, $postsPerPage);你可以在http://php.net/manual/en/pdo.prepared-statements.php找到更多的例子
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/5375182
复制相关文章
相似问题
腾讯云开发者
