我必须将 PHP 变量传递给存储过程调用,存储过程对我来说是新的,请帮助我..提前致谢
<?php
include('connection.php');
if(isset($_POST["state_id"]) && !empty($_POST["state_id"]) && isset($_POST["cat_id"]) && !empty($_POST["cat_id"])){
$categoryid=$_POST["cat_id"];
$qttypeid=$_POST["state_id"];
if(($_POST["state_id"]=='1') || ($_POST["state_id"]=='2') ){
$res4=mysqli_query($con,"call PP4($categoryid,$qttypeid)");
echo $res4;
while($res4a=mysqli_fetch_array($res4)){
echo '<option value="'.$res4a['locId'].'">'.$res4a['access'].'</option>';
}
}else{
$res4=mysqli_query($con,"call PP1");
while($res4a=mysqli_fetch_array($res4)){
echo '<option value="'.$res4a['locId'].'">'.$res4a['access'].'</option>';
}
}
}
?>
最佳答案
好吧,你已经打开了 SQL 注入(inject),你将需要使用准备好的语句来清理你的参数。以下是如何使用准备好的语句来调用存储过程。
$connect = new mysqli($servername, $username, $password, $dbname);
// bind the first parameter to the session variable @categoryid
$stmt = $connect->prepare('SET @categoryid := ?');
$stmt->bind_param('s', $categoryid);
$stmt->execute();
// bind the second parameter to the session variable @qttypeid
$stmt = $connect->prepare('SET @qttypeid := ?');
$stmt->bind_param('s', $qttypeid);
$stmt->execute();
// execute the stored Procedure
$result = $connect->query('call PP4(@categoryid, @qttypeid, @msg)');
// getting the value of the OUT parameter
$result = $mysqli->query('SELECT @msg as _output');
$row = $result->fetch_assoc();
echo $row['_output'];
关于php - 在php中调用时如何将php变量传递到mysql存储过程,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52660558/