我试图将可变数量的值绑定(bind)到准备好的语句的 IN ()
条件中,并稍后在查询中绑定(bind)更多值,但出现错误:
PHP Fatal error: Cannot use positional argument after argument unpacking.
我的代码如下:
$ccarr=explode(",", $cc);
$in = str_repeat('?,', count($ccarr) - 1) . '?';
$op_r=$tfvarr[2];
$budg_et=$tfvarr[1];
$budg_et1=$tfvarr111111;
$sqldesk="SELECT subsubcatid_parent, plink, deskid, sum(itprice) as totprice FROM desktop_items a, items_table b, obsubsubcat c where subsubcatid_parent IN ($in) and a.itno = b.itno and a.subsubcatid_parent=c.subsubcatid group by subsubcatid_parent, deskid having totprice > ? && totprice ? ?" ;
if($stmtdesk = $conn->prepare($sqldesk))
{
$types = str_repeat('i', count($ccarr));
$types .= 'isi';
$stmtdesk->bind_param($types, ...$ccarr, $budg_et1, $op_r, $budg_et);
$stmtdesk->execute();
$stmtdesk->store_result();
$stmtdesk->bind_result($subsubcatid_parentdesk, $plinkdesk, $deskiddesk, $totpricedesk);
}
如何绑定(bind)所有值而不出现解包错误?
最佳答案
我建议您将附加值插入 $ccarr
数组,这样你只需要 splat $ccarr
bind_param()
里面.
看起来像$op_r
是一个“运算符”而不是一个值。所以这不应该受到约束。 Listen to Victor 。应根据硬编码值白名单验证运算符值,并将其直接注入(inject)到查询字符串中。
$ccarr = explode(",", $cc);
$in = str_repeat('?,', count($ccarr) - 1) . '?';
$op_r = $tfvarr[2];
$budg_et = $tfvarr[1];
$budg_et1 = $tfvarr111111;
array_push($ccarr, $budg_et1, $budg_et);
$types = str_repeat('i', count($ccarr));
$sqldesk = "SELECT subsubcatid_parent, plink, deskid, SUM(itprice) AS totprice
FROM desktop_items a
JOIN items_table b ON a.itno = b.itno
JOIN obsubsubcat c ON a.subsubcatid_parent = c.subsubcatid
WHERE subsubcatid_parent IN ($in)
GROUP BY subsubcatid_parent, deskid
HAVING totprice > ? AND totprice {$op_r} ?";
$stmtdesk = $conn->prepare($sqldesk);
$stmtdesk->bind_param($types, ...$ccarr);
$stmtdesk->execute();
$stmtdesk->store_result();
$stmtdesk->bind_result($subsubcatid_parentdesk, $plinkdesk, $deskiddesk, $totpricedesk);
此外,我不建议使用 old-skool 逗号连接。明确声明 JOIN 更清晰、更现代,并且使用 ON
进行设置。描述连接关系的表达式。
最后,&&
在 MySQL 中应该是 AND
。始终使用全大写在 sql 字符串中写入 MySQL 关键字。
关于php - 在准备语句时解包参数后无法使用位置参数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64770881/