How to bind parameters to phpmysqli preprocessing?/** & nbsp; * & nbsp; execute SQL & nbsp; * & nbsp; $ SQL [String] SQL statement & nbsp; * & nbsp; $ args [array] parameter & nbsp; */php mysqli preprocessing how to bind parameters
/**
* Execute SQL statement preprocessing in php
* $ SQL [String] SQL statement
* $ Args [array] Parameters
*/
Public function exeSql ($ SQL, $ args ){
$ Mysqli_stmt = $ mysqli-> prepare ($ SQL );
// Because $ SQL is passed in by the caller, the number of SQL statements and parameters is unknown.
// Question 1: how to obtain the parameter type? Is there any function in php?
// If not, use the following method: is getParamTypeStr ($ arr) feasible? Are you recommended?
// Question 2: how to bind parameters? The following is the binding method when the number of parameters is determined.
// $ Mysqli_stmt-> bind_param ("ssi", "xx", "xx", 20 );
$ Mysqli_stmt-> execute ();
$ Mysqli-> close ();
}
Private function getParamTypeStr ($ arr ){
$ Count = count ($ arr );
$ Typestr = "";
For ($ I = 0; $ I <$ count; $ I ++ ){
$ Type = gettype ($ arr [$ I]);
Switch ($ type ){
Case "integer ":
$ Typestr. = "I ";
Break;
Case "float ":
Case "double ":
$ Typestr. = "d ";
Break;
Case "string ":
$ Typestr. = "s ";
Break;
}
}
Return $ typestr;
}
I know that java is implemented in the following way:
// Execute SQL statement preprocessing in java
Public void exeSql (String SQL, Object [] args ){
PreparedStatement preparedStatement = connection. prepareStatement (SQL );
For (int I = 0; I preparedStatement. setObject (I + 1, args [I]);
}
PreparedStatement.exe cuteUpdate ();
Connection. close ();
}
Which of the following friends helped me to answer the above two questions? I just switched to php and read the document. I have mentioned reflection, but I am not very familiar with it. some friends also said that I should replace 'in SQL '? ', I also hope you can give me some detailed instructions. it is best to provide some core code. Thank you very much!
------ Solution --------------------
2.
$ Callback = array ($ mysqli_stmt, 'bind _ param ');
// Add the parameter type description to the array
Array_unshift ($ args, getParamTypeStr ($ args ));
Call_user_func_array ($ callback, $ args );
// Its call is similar:
$ Mysqli_stmt-> bind_param (getParamTypeStr ($ args), $ args [0], $ args [1], $ args [2]...);
We recommend that you use the PDO and mysqli functions. the bindParam () method of PDO is much more intuitive.
Http://www.php.net/manual/en/pdostatement.bindparam.php
------ Solution --------------------
I have a php pdo class I wrote here. you can use it directly:
/* Connect to the database class MysqlConnect */
Class MysqlConnect {
Private $ dbhost = null;
Private $ dbuser = null;
Private $ dbpwd = null;
Private $ dbname = null;
Private $ dbport = null;
Private $ ifpdo = null;
Private $ dburi = null;
Private $ handler = null;
Function _ construct ($ dbhost, $ dbuser, $ dbpwd, $ dbname, $ dbport, $ ifpdo, $ dburi ){
$ This-> dbhost = $ dbhost;
$ This-> dbuser = $ dbuser;
$ This-> dbpwd = $ dbpwd;
$ This-> dbname = $ dbname;
$ This-> dbport = $ dbport;
$ This-> ifpdo = $ ifpdo;
$ This-> dburi = $ dburi; // URI parameter of PDO. you can check the manual.
If ($ this-> ifpdo = 1) {// indicates calling PDO to operate the database
$ This-> handler = $ this-> CreatePdo ();
} Elseif ($ this-> ifpdo = 0) {// The MYSQLI method can be written here.
$ This-> handler = null;
}
}
/* ---------------- Here is the portal ---------------------*/
// @ Param SQL: complete SQL statement passed during external calls
// @ Param bindArray: the bound parameter array, which is related to the SQL statement. If no PDO placeholder exists, it is null.
// @ Param action: pass operation parameters, "select"/"update"/"delete"/"insert"
Public function exeSql ($ SQL, $ bindArray = array (), $ action = ""){