动态生成要在PHP预准备语句的bind_param（）函数中使用的变量名

I was wondering if it's possible to store the variables to be inserted in a bind_param() function inside another variable such that if this were the original query:

$stmt->bind_param("si", $column1, $column2);

would it be possible to store the 2 variables inside another variable, i.e:

$columns = $column1.','.$column2;

And then if the new variable can be used inside the bind_param() function like this such that it works:

$stmt->bind_param("si", $columns);

My Database column names and php variable names are the same (except for the '$' sign of course), so I tried this:

$string = "column1, column2";

function convert_to_variables($string) {

        // Convert column names to an array
        $array = explode(", ", $string); 

        // Convert column names array values to a variable
        foreach ($array as $key => $value) {
            $array_values_with_dollar[] = $$value; // (previously tried with '$'.$value)
        }

        // Convert to string again
        $imploded = implode(", ", $array_values_with_dollar); 

        return $imploded;
}

.
.
$variables = convert_to_variables($string);
.
.
$stmt->bind_param("si", $variables );
.
.
// Everything else like $stmt = $dbc->prepare(""); and $stmt->execute(); etc exists. 
// The bind_param() is the only line with an error.

(Right now I'm getting an 'Undefined variable: column1' error.)

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duandange7480 2017-07-22 15:07
关注
It's not possible to do with strings directly, because it'd be interpreted as just that - a single string, and not a combination of strings that'd make up the values for each column. Using that logic, you'd also have issues if one of your strings actually contains ', 'as well - then it wouldn't match up with number of values and number of parameters.

I can suggest an alternative using arrays instead. You can use that string as a base if you really need to, and use explode() on that. In any case, using an array, you can use the "unpacking operator" ... to unpack the array.

$string = "column1, column2"; $boom = explode(", ", $string); $stmt->bind_param("ss", ...$boom);

Alternatively build it as an array, and use that (which effectively is the same). This approach is better, as it will not produce more values than parameters if one or more of the strings contains a comma ,.

$variables = array("column1", "column2"); $stmt->bind_param("ss", ...$variables);

PHP 'New Features' on array unpacking

Also note that I've changed "types" parameter to ss (was si), because both your parameters are in fact strings.
本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

动态生成要在PHP预准备语句的bind_param（）函数中使用的变量名 php
2017-07-22 14:59

回答 2 已采纳 It's not possible to do with strings directly, because it'd be interpreted as just that - a single
为什么这个SQL语句失败了？在非对象上调用成员函数bind_param（） html mysql php sql
2016-03-22 02:59

回答 1 已采纳 This question was correctly solved by @Sean in the comments under the OP. Is $con a valid mysq
php的prepare准备语句写注册页面 php 前端有问必答
2021-12-30 10:44

回答 3 已采纳 6个字段，题主只有5个参数。。。if($stmt=$mysqli->prepare("insert into lg_user (username,password,email,address,t
php mysql bind_PHP mysqli_stmt_bind_param() 函数用法及示例
2021-02-02 20:07

SISUERyep的博客 PHP mysqli_stmt_bind_param() 函数用法及...定义和用法mysqli_stmt_bind_param()函数用于将变量绑定到准备好的语句的参数标记。语法mysqli_stmt_bind_param($stmt,$types,$var1,$var2...);参数序号参数及说明1stm...
函数php中的if / else语句没有插入[关闭] mysql php
2019-03-13 07:52

回答 2 已采纳 I had to change "sssiiii" to "iiiss" because Every single character of your 'sssiiii' stands for a
将MySQLi中的预准备语句作为函数参数传递 php
2014-07-09 14:39

回答 1 已采纳 I think this way could be not the lightweight solution but you can reset the result pointer with t
PHP函数没有工作准备语句[重复] php
2014-05-28 01:58

回答 1 已采纳 Basically you haven't instantiated $result anywhere, yet you try to call it via: $result->fetc
php函数param太多,php中bind_param()函数用法详解
2021-03-24 13:52

路远记得带酒的博客这篇文章主要介绍了php中bind_param()函数用法,简单分析了bind_param()函数的功能、参数、使用方法与相关注意事项,需要的朋友可以参考下从字面上不难理解，绑定的参数；下面我通过一个绑定参数的例子讲一下：for ...
预处理语句SELECT在非对象上调用成员函数fetch_assoc（） php
2016-01-17 16:29

回答 1 已采纳 mysqli_stmt::execute() returns a bool (true/false), not a mysqli_result. Since php 5.3 you can use
从PHP调用MySql函数 ajax mysql php
2015-05-24 00:06

回答 1 已采纳 Seems a lot of rigmarole to accomplish a fairly straightforward task. We tend to avoid creating My
SQL注入中的“参数化查询/预处理语句”如何比转义用户输入更好 mysql php sql
2017-12-05 04:51

回答 1 已采纳 Q: Can you give an example that parameterized query prevent the SQL injection attack when a user
mysql bind param_PHP Mysqli_stmt->bind_param报错的原因与解决办法
2021-01-27 12:10

weixin_39842271的博客插件需要用到数据库中的内容，于是我编写查询查询语句，使用了据说较为安全的mysqli::prepare方法。但是有一个报错困扰了我很久。报错内容为“Fatal error: Uncaught Error: Call to a member function ...
MySQLi预处理语句中的绑定参数 php
2014-07-09 10:12

回答 1 已采纳 Calling a function repeatedly is more expensive than not calling it repeatedly, so there should be
php mysql bind_PHP mysqli_stmt_bind_result() 函数用法及示例
2021-03-16 23:30

浊池的博客 PHP mysqli_stmt_bind_result() 函数用法及示例mysqli_stmt_bind_result()函数将变量绑定到预处理语句以存储结果定义和用法mysqli_stmt_bind_result()函数用于将结果集的列绑定到变量。绑定变量后，您需要调用mysqli...
mysql bind param_mysql绑定参数bind_param原理以及防SQL注入
2021-01-19 06:06

陈允信的博客下面我简单的写一下这个函数： /** * 模拟简单的绑定参数过程 * * @param string $sql SQL语句 * @param int $location 问号位置 * @param mixed $var 替换的变量 * @param string $type 替换的类型 */ $times = 0;...
没有解决我的问题, 去提问

悬赏问题

¥15 R语言Rstudio突然无法启动
¥15 关于#matlab#的问题：提取2个图像的变量作为另外一个图像像元的移动量，计算新的位置创建新的图像并提取第二个图像的变量到新的图像
¥15 改算法，照着压缩包里边，参考其他代码封装的格式写到main函数里
¥15 用windows做服务的同志有吗
¥60 求一个简单的网页(标签-安全|关键词-上传)
¥35 lstm时间序列共享单车预测，loss值优化，参数优化算法
¥15 Python中的request，如何使用ssr节点，通过代理requests网页。本人在泰国，需要用大陆ip才能玩网页游戏，合法合规。
¥100 为什么这个恒流源电路不能恒流？
¥15 有偿求跨组件数据流路径图
¥15 写一个方法checkPerson，入参实体类Person，出参布尔值

动态生成要在PHP预准备语句的bind_param（）函数中使用的变量名

2条回答 默认 最新

悬赏问题

2条回答默认最新