使用call_user_func_array（）动态构建预准备语句

I need to dynamically build up the SQL statement and the parameters based on user input. The length of the sql statement and the number of parameters changes based on user input. I am trying to use this tutorial and apply it to my code. Here is the code:

$query = "SELECT p.*, s.* 
        FROM product p 
        INNER JOIN product_shop ps 
        ON ps.p_id = p.p_id 
        INNER JOIN shop s 
        ON s.s_id = ps.s_id 
        WHERE s.country = ?";
        $a_params[] = $place['country'];
        $a_param_type[] = "s";
    // prepare and bind

    $param_type = '';

    foreach ($place as $key => $value) {
        if ($key === "country") {
            continue;
        }
        $query .= " and s.$key = ?";
        $a_params[] = $value;
        $a_param_type[] = "s";
    }
    /* Prepare statement */
    $stmt = $conn->prepare($query);
    if($stmt === false) {
        trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->errno . ' ' . $conn->error, E_USER_ERROR);
    }

    $a_params[] =  $a_param_type;

    /* use call_user_func_array, as $stmt->bind_param('s', $param); does not accept params array */
    call_user_func_array(array($stmt, 'bind_param'), $a_params);

    /* Execute statement */
    $stmt->execute();   
    $meta = $stmt->result_metadata();

I know $place['country'] will always be populated. The sql statement is correct. It is:

"SELECT p.*, s.* 
        FROM product p 
        INNER JOIN product_shop ps 
        ON ps.p_id = p.p_id 
        INNER JOIN shop s 
        ON s.s_id = ps.s_id 
        WHERE s.country = ? and s.suburb = ? and s.city = ? and s.province = ?"

Don't mind the " " chars, they have no effect on the sql statement.

In:

call_user_func_array(array($stmt, 'bind_param'), $a_params);

the value of $a_params is:

0:"New Zealand"
1:"Grey Lynn"
2:"Auckland"
3:"Auckland"
4:array(4)
0:"s"
1:"s"
2:"s"
3:"s"

In:

$meta = $stmt->result_metadata();

the value of $meta becomes:

current_field:0
field_count:13
lengths:null
num_rows:0
type:1

Meaning that no rows were selected from the database. I have executed this sql on the database manually and it returns rows. What is wrong with my code, that makes it return no rows from the database?

EDIT: I saw that this answer says to put the "ssss" at the start of the $params so I did that and got this error in the $stmt object:

errno:2031
error:"No data supplied for parameters in prepared statement"
error_list:array(1)
propertyNode.hasAttribute is not a function

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dsd57259 2016-05-01 10:00
关注
I don't understand what ways you've tried, but I will try to answer:

according to bind_param manual:

first argument of bind_param is a string, like 'ssss'.

second and other arguments - are values to be inserted into a query.

So, your $a_params array should be not

0:"New Zealand" 1:"Grey Lynn" 2:"Auckland" 3:"Auckland" 4:array(4) 0:"s" 1:"s" 2:"s" 3:"s"

But:

0:"ssss" 1:"New Zealand" 2:"Grey Lynn" 3:"Auckland" 4:"Auckland"

See? All values are strings. And placeholders' types are the first one.

Also take into consideration that order of arguments in $a_params must be the same as order of parameters in bind_param. This means that, i.e., $a_params like

0:"New Zealand" 1:"Grey Lynn" 2:"Auckland" 3:"Auckland" 4:"ssss"

is wrong. Because first element of $a_params will be the first argument of bind_param and in this case it's not a "ssss" string.

So, this means that after you filled $a_params with values, placeholders' string should be added to the beginning of $a_params, with array_unshift for example:

// make $a_param_type a string $str_param_type = implode('', $a_param_type); // add this string as a first element of array array_unshift($a_params, $str_param_type); // try to call call_user_func_array(array($stmt, 'bind_param'), $a_params);

In case this didn't work, you can refer to a part of answer you provided, where values of $a_params are passed by reference to another array $tmp, in your case you can try something like:

// make $a_param_type a string $str_param_type = implode('', $a_param_type); // add this string as a first element of array array_unshift($a_params, $str_param_type); $tmp = array(); foreach ($a_params as $key => $value) { // each value of tmp is a reference to `$a_params` values $tmp[$key] = &$a_params[$key]; } // try to call, note - with $tmp, not with $a_params call_user_func_array(array($stmt, 'bind_param'), $tmp);
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

使用call_user_func_array（）动态构建预准备语句 mysql php
2016-05-01 07:51

回答 2 已采纳 I don't understand what ways you've tried, but I will try to answer: according to bind_param manu
为什么在call_user_func_array（）之前使用switch语句 laravel php
2017-01-04 10:56

回答 1 已采纳 As Clive has mentioned in the comments; it's because of the performance concerns. call_user_func_
动态预准备语句（绑定参数错误） mysql php
2014-04-26 22:13

回答 1 已采纳 My understanding is that the first parameter 'types' is a string of the types of the parameters, n
PHP call_user_func理解
2019-05-28 16:04

挑灯夜读的博客 call_user_func()：调用一个回调函数处理字符串, 　可以用匿名函数，可以用有名函数，可以传递类的方法，　用有名函数时，只需传函数的名称　用类的方法时，要传类的名称和方法名　传递的第一个参数必须为函数名...
使用MySQLi动态绑定准备语句中的参数 php
2014-02-20 02:36

回答 1 已采纳 There are not 67 rows with query SELECT id, name FROM album WHERE name LIKE 'love' AND name LIKE
构建用于搜索的Dynamic Prepared语句 mysql php
2019-03-16 23:20

回答 2 已采纳 You were on the right track as far as you went. What you missed is how to get the right number of
动态mysqli准备语句失败 php
2013-02-12 07:35

回答 2 已采纳 I just fixed the function. Perhaps this is interesting for someone else: function connectDB($mysq
calluserfuncarray php 错误,php call_user_func_array的详细用法
2021-04-20 10:31

星见勇气的博客主要用在函数名不确定，参数不确定...}call_user_func_array('say',array('HelloPHP'));/*第一个参数为要调用的方法名，字符串形式，第二个参数为要传给方法的参数，数组形式*//**这如果say()方法不存在，通过call_u...
准备语句WHERE ... IN（...）with array parameter php
2012-08-08 18:41

回答 1 已采纳 I wasn't merging $types and $questions_to_delete correctly! In my original code: // Produces ['i'
从php准备语句重新格式化数组结果 php
2013-08-06 04:15

回答 2 已采纳 use array_merge_recursive() like this $ar1=array(array('topping'=>"Mushrooms",'slices'=>"3"
MySQLi：准备好返回嵌套数组的语句 php
2011-02-24 19:35

回答 1 已采纳 $array = null; is needed... $i=0; $array = null; while($stmt->fetch())
php soap call_user_func_array,session_start()&bestphp
2021-05-02 08:25

weixin_39660408的博客又是CTF，还是pupil出的题，只能说，非常有趣了bestphpbestphp’s revenge前者来自xctf final，后者来自2018LCTFbestphp1文件包含拿到题目后发现代码非常简短，但是问题很明确，我们看到了函数call_user_func($func,...
调用mysql存储过程后出错 mysql php
2014-06-20 07:19

回答 2 已采纳 I found some solution. It is't pretty, but it works and helps to solve a problem with calling of m
php array call,PHP 函数 array_map() 和 call_user_func_array()
2021-04-10 13:00

weixin_39552317的博客最近看了某作者mostone的一篇文章，觉得写的不错，分享如下function mressf (){$args = func_get_args ();if ( count ( $args ) < 2 )return false ;$query = array_shift ( $args );$args = array_map ( 'mysql_...
PHP call_user_func与回调函数的结合使用
2018-12-26 04:29

weixin_34402408的博客 $closureFunc = function(){ return new RedisDB([ 'host' => '127.0.0.1', 'port' => 6379 ]); }; ...复制代码上面代码是一个简单的匿名函数写法print_r($closureFunc);...$instance = call_u...
没有解决我的问题, 去提问

悬赏问题

¥15 有赏，i卡绘世画不出
¥15 如何用stata画出文献中常见的安慰剂检验图
¥15 c语言链表结构体数据插入
¥40 使用MATLAB解答线性代数问题
¥15 COCOS的问题COCOS的问题
¥15 FPGA-SRIO初始化失败
¥15 MapReduce实现倒排索引失败
¥15 ZABBIX6.0L连接数据库报错，如何解决？(操作系统-centos)
¥15 找一位技术过硬的游戏pj程序员
¥15 matlab生成电测深三层曲线模型代码

使用call_user_func_array（）动态构建预准备语句

2条回答 默认 最新

悬赏问题

2条回答默认最新