我正在使用mysqli prepare准备查询,但这是一个错误
查看与您的MySQL服务器版本对应的手册,以获得使用near '? ) AND ( user_fullname ? )'
$query="DELETE FROM table WHERE ( quiz_answer ? ) AND ( user_fullname ? )";
$stmt = $mysqli->prepare($query);
$stmt->bind_param('ss',array('IS NULL','IS NULL'));
$stmt->execute();
请帮我查询查询中的问题 提前致谢
答案 0 :(得分:0)
如果我们假设,$ answer和$ fullname是你的quiz_answer和user_fullname参数。 这可能有效:
$answerString = 'IS NULL';
$userString = 'IS NULL';
if ( trim( $answer ) && $answer != 'null' ) $answerString = '= ?';
if ( trim( $user ) && $user != 'null') $userString = '= ?';
$query="DELETE FROM table WHERE ( quiz_answer $answerString ) AND ( user_fullname $userString )";
$stmt = $mysqli->prepare($query);
if ( $answer && ! $fullname ) $stmt->bind_param('s',array($answer));
if ( $answer && $fullname ) $stmt->bind_param('ss',array($answer, $fullname));
if ( ! $answer && $fullname ) $stmt->bind_param('s',array($fullname));
$stmt->execute();
但我还建议在将它们插入sql查询之前执行额外的param验证,即使是通过参数绑定也是如此。