php - 使用数组的 mysqli 参数化查询

Question

如何使用带有 sql 查询的数组，然后循环遍历 结果？

这是我所拥有的，但我不太确定应该如何使用 我的查询中的内爆变量

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<titleard Log</title>
<link rel="stylesheet" type="text/css" media="all" href="jsDatePick_ltr.min.css" />
<script type="text/javascript" src="jsDatePick.min.1.3.js"></script>
<script type="text/javascript">
 window.onload = function() { new JsDatePick({ useMode:2, target:"inputField", dateFormat:"%d-%m-%Y" }); new          JsDatePick({ useMode:2, target:"inputField2", dateFormat:"%d-%m-%Y" }); }; 
</script>
</head>
<body>   

 <form action="#" method="post"> 
 <input type="checkbox" name="driver[]" value="Julia">Julia 
 <input type="checkbox" name="driver[]" value="Pete">Pete From 
 <input type="text" name="date1" size="12" id="inputField" /> To 
 <input type="text" name="date2" size="12" id="inputField2" /> 
 <input type="submit" value="Submit" name="submit"/> 
 </form> 

<?php 
if(isset($_POST['submit']) && ($_POST['submit'] == "Submit")) 
{ 
$date1 = $_POST['date1'];
$date2 = $_POST['date2'];
$date1 = date("Ymd", strtotime($date1));
$date2 = date("Ymd", strtotime($date2));
$drivers = "'".implode("','",$_POST['driver'])."'";
}

$mysqli = new mysqli('' );

if($mysqli->connect_error)
echo {
die("$mysqli->connect_errno: $mysqli->connect
_error");
}

$query = "SELECT * FROM wizardlog WHERE driver IN (?) AND date between ? and ? ";

$stmt = $mysqli->stmt_init();
if(!$stmt->prepare($query))
{
print "Failed to prepare statement\n";
}
else
{
              $stmt->bind_param("sss", $drivers, $date1, $date2);
              $stmt->execute();
            $result = $stmt->get_result();
            while ($row = $result->fetch_array(MYSQLI_ASSOC))
        {
            foreach($rows as $row) 
        { 
        $id = $row['id'];
        $driver = $row['driver'];
        $date = date("d/m/y", strtotime($date));
         $time = $row['time'];
          $time = substr($time, 0, 5);
        $fname = $row['fname'];
        $lname = $row['lname'];
        $town = $row['town'];

任何帮助将不胜感激!

Answer 1

一个参数只能代替一个标量值。不是值列表。

要参数化列表，您需要的参数数量等于列表中元素的数量。

但是mysqli使得使用起来非常困难bind_param()具有可变数量的元素。原因是 bind_param() 需要您通过引用传递参数，因此您不能只传递数组；您需要传递一组引用。这是皇家皮塔饼。

使用 PDO 更容易，因为这样您可以简单地将值数组传递给 PDOStatement::execute()方法。