My PHP looks like this:
$diagSel = $_POST['diagSel'];
$search_crit = $_POST['criteria']; //this is an entry like "85054,85206" (no quotes)
$sql1 = "SELECT * FROM `myTable` where`Diagnosis` = :diagnosis and `zip_code` in (:placeHolder) group by `Provider Number`";
$stmt = $dbh->prepare($sql1);
$stmt->bindParam(':diagnosis', $diagSel, PDO::PARAM_STR);
$stmt->bindParam(':placeHolder', $search_crit, PDO::PARAM_STR);
$stmt->execute();
$result1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
header('Content-type: application/json');
echo json_encode($result1);
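The problem is... if the user enters multiple comma-separated zip codes (passed in criteria), the echo comes back empty. If they enter a single zip code, it returns what I expect.
Is there a way to pass comma-separated values such as 85054,85206 through PDO using a prepared statement?
Thanks.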
Answer 0 (score: 1)
Not really; I would suggest something like this:
$diagSel = $_POST['diagSel'];
$search_crit = $_POST['criteria'];
$list = explode(',', $search_crit);
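// quote() returns the escaped value; keep the result, otherwise the raw input is interpolated into the SQL
$list = array_map(array($dbh, 'quote'), $list);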
$sql1 = sprintf('
SELECT *
FROM `myTable`
WHERE `Diagnosis` = :diagnosis
AND `zip_code` IN (%s)
GROUP BY `Provider Number`', implode(',', $list));
$stmt = $dbh->prepare($sql1);
$stmt->bindParam(':diagnosis', $diagSel, PDO::PARAM_STR);
$stmt->execute();
$result1 = $stmt->fetchAll(PDO::FETCH_ASSOC);
header('Content-type: application/json');
echo json_encode($result1);
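Answer 1 (score: 1)
If you want to add multiple values to the SQL query, you cannot use bindParam twice; add an array in the execute command to add all the variables.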
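An added example, not part of the question or either answer: the comma-separated `criteria` value is split into one named placeholder per zip code, so no user input is ever concatenated into the SQL text. `buildInPlaceholders()` is a hypothetical helper, the 5-digit zip format is an assumption, and the in-memory SQLite table and its rows are constructed sample data.

```php
<?php
// Added example: expand a comma-separated list into one placeholder per value.
// buildInPlaceholders() is a hypothetical helper; the table and rows are constructed.

function buildInPlaceholders(string $csv, string $prefix = ':zip'): array
{
    $params = [];
    foreach (explode(',', $csv) as $i => $value) {
        $value = trim($value);
        if ($value === '') {
            continue; // skip empty items such as a trailing comma
        }
        // Assumption: zip codes are 5-digit US codes; reject anything else.
        if (!preg_match('/^\d{5}$/', $value)) {
            throw new InvalidArgumentException("Invalid zip code: $value");
        }
        $params[$prefix . $i] = $value; // e.g. ':zip0' => '85054'
    }
    if ($params === []) {
        // An empty IN () is a syntax error, so fail before building the query.
        throw new InvalidArgumentException('No zip codes supplied');
    }
    return $params;
}

// In-memory SQLite stands in for the real database so the example runs offline.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE myTable (`Provider Number` TEXT, Diagnosis TEXT, zip_code TEXT)');
$dbh->exec("INSERT INTO myTable VALUES ('P1','flu','85054'), ('P2','flu','85206'), ('P3','flu','90210')");

$diagSel     = 'flu';           // stands in for $_POST['diagSel']
$search_crit = '85054, 85206';  // stands in for $_POST['criteria']

$zipParams = buildInPlaceholders($search_crit);

// Only generated placeholder names (:zip0, :zip1, ...) are formatted into the SQL.
$sql = sprintf(
    'SELECT * FROM `myTable` WHERE `Diagnosis` = :diagnosis AND `zip_code` IN (%s) GROUP BY `Provider Number`',
    implode(', ', array_keys($zipParams))
);

$stmt = $dbh->prepare($sql);
$stmt->execute([':diagnosis' => $diagSel] + $zipParams); // every value is bound
echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC)), PHP_EOL;
```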