如何将此 SELECT 查询转换为准备好的 SELECT 查询?我可以执行 INSERT 准备语句或 UPDATE 语句,但我对 SELECT 准备查询感到困惑,因为我永远不确定要为 bind_param 放置什么而且我不知道如何用 JOIN 的
$stmt = mysqli_query($con,"SELECT up.ordering, u.username, up.playername
FROM users AS u
INNER JOIN playersByUser AS up ON u.id = up.userid
WHERE u.id = $userid
ORDER BY up.ordering");
if (!$stmt) {
die('Invalid query: ' . mysqli_error($con));
}
我知道它会是这样的......
$stmt = $con->prepare("SELECT up.ordering, u.username, up.playername
FROM users AS u
INNER JOIN playersByUser AS up ON u.id = up.userid
WHERE u.id = $userid
ORDER BY up.ordering");
if (!$stmt->bind_param("",)) {
echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if (!$stmt->execute()) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
我只是不确定如何为它绑定(bind)参数或者是否需要它?
最佳答案
当您使用准备好的查询时,您不是在查询字符串中放置一个变量,而是放置一个占位符 ?。然后使用 bind_param 将占位符连接到变量。
$stmt = $con->prepare("SELECT up.ordering, u.username, up.playername
FROM users AS u
INNER JOIN playersByUser AS up ON u.id = up.userid
WHERE u.id = ?
ORDER BY up.ordering");
$stmt->bind_param("i", $userid);
$stmt->execute();
关于php - 将普通的 SELECT 查询转换为准备好的 SELECT 查询,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32338807/