我尝试使用这样的变量绑定:
$stmt = $mysqli->prepare("UPDATE mytable SET myvar1=?, myvar2=... WHERE id = ?")) {
$stmt->bind_param("ss...", $_POST['myvar1'], $_POST['myvar2']...);
但是一些$ _POST ['...']可能是空的,所以我不想在DB中更新它们.
这是不实际的,考虑到空$ _ POST各种不同的组合["..."],虽然我可以建立字符串'UPDATE mytable的设置...’我的需求,bind_param()是一个不同的野兽.
我可以尝试将其调用作为字符串构建并使用eval()但它感觉不对:(
Gum*_*mbo 25
您可以使用该call_user_func_array函数使用bind_param可变数字或参数调用该方法:
$paramNames = array('myvar1', 'myvar2', /* ... */);
$params = array();
foreach ($paramNames as $name) {
if (isset($_POST[$name]) && $_POST[$name] != '') {
$params[$name] = $_POST[$name];
}
}
if (count($params)) {
$query = 'UPDATE mytable SET ';
foreach ($params as $name => $val) {
$query .= $name.'=?,';
}
$query = substr($query, 0, -1);
$query .= 'WHERE id = ?';
$stmt = $mysqli->prepare($query);
$params = array_merge(array(str_repeat('s', count($params))), array_values($params));
call_user_func_array(array(&$stmt, 'bind_param'), $params);
}
cgp*_*cgp -2
将其构建为字符串,但将您的值放入数组中并将其传递给bindd_param。(并用 ? 替换 SQL 字符串中的值。
$stmt = $mysqli->prepare("更新 mytable SET myvar1=?, myvar2=... WHERE id = ?")) { $stmt->bind_param("ss...", $_POST['myvar1'] , $_POST['myvar2']...);
例如:
$args = array();
$sql = "UPDATE sometable SET ";
$sep = "";
$paramtypes = "";
foreach($_POST as $key => $val) {
$sql .= $sep.$key." = '?'";
$paramtypes .= "s"; // you'll need to map these based on name
array_push($args, $val);
$sep = ",";
}
$sql .= " WHERE id = ?";
array_push($args, $id);
array_insert($args, $paramtypes, 0);
$stmt = $mysqli->prepare($sql);
call_user_func_array(array(&$stmt, 'bindparams'), $array_of_params);
$stmt->bind_param($args);