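I use this function to bind parameters to a prepared statement. The parameters are a string inside $_POST["params"] that looks like:
{type1:value1}{type2:value2}....
This function should bind each param to the statement, but I get an error: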
function executeQuery($q)
{
    global $server, $user, $pwd, $db, $output;
    $cn = mysqli_connect($server, $user, $pwd);
    mysqli_set_charset($cn, "utf8");
    mysqli_select_db($cn, $db);
    if (isset($_POST["params"]))
    {
        // $q carries the base64-encoded query text
        $ps = mysqli_prepare($cn, base64_decode($q));
        $params = $_POST["params"];
        $params_array = array();
        // Walk the string one {type:value} pair at a time
        while (strlen($params) > 0)
        {
            $n1 = strpos($params, "{");
            $n2 = strpos($params, "}");
            $param = substr($params, $n1 + 1, $n2 - ($n1 + 1));
            $param_exploded = explode(":", $param);
            $type = $param_exploded[0];
            $params_array[$param_exploded[1]] = $param_exploded[1];
            // Binds this single pair; called once per loop iteration
            mysqli_stmt_bind_param($ps, $type, $params_array[$param_exploded[1]]);
            if ($n2 + 1 >= strlen($params))
                break;
            $params = substr($params, $n2 + 1);
        }
        $ps->execute();
        $result = mysqli_stmt_result_metadata($ps);
        $count = mysqli_num_fields($result);
        // Header row built from the column names
        $output .= "<table><tr>";
        for ($i = 0; $i < $count; $i++)
        {
            $output .= "<th>" . mysqli_fetch_field_direct($result, $i)->name . "</th>";
        }
        $output .= "</tr>";
        // One table row per result row
        while ($row = mysqli_fetch_assoc($result))
        {
            $output .= "<tr>";
            for ($i = 0; $i < $count; $i++)
            {
                $output .= "<td>" . $row[mysqli_fetch_field_direct($result, $i)->name] . "</td>";
            }
            $output .= "</tr>";
        }
        $output .= "</table>";
    }
}
The output will be an HTML table. P.S.:
The query:
select * from t1 where c1 = ? and c2 = ?
The value of $_POST["params"]:
"{s:A}{s:N}"
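
An added example, not part of the original post: mysqli's bind_param takes the full type string and every value in a single call, so the code below parses the {type:value} string strictly first and then binds once. The helper names parseParams and bindAll are hypothetical, and only the type letters i, d and s are accepted here as an assumption.

```php
<?php
// Added example, not the poster's code. parseParams() and bindAll() are hypothetical names.

// Split "{s:A}{s:N}" into a mysqli type string and a list of values.
function parseParams(string $raw): array
{
    $types = '';
    $values = [];
    $offset = 0;
    while ($offset < strlen($raw)) {
        // \G forces each pair to start exactly where the previous one ended,
        // so stray text between or after pairs is rejected instead of skipped.
        if (!preg_match('/\G\{([ids]):([^{}]*)\}/', $raw, $m, 0, $offset)) {
            throw new InvalidArgumentException("Malformed parameter at offset $offset");
        }
        $types .= $m[1];      // type letter: i, d or s
        $values[] = $m[2];    // raw value, bound later, never concatenated into SQL
        $offset += strlen($m[0]);
    }
    return [$types, $values];
}

// Bind every parsed value to the prepared statement in one call.
function bindAll(mysqli_stmt $ps, string $raw): void
{
    [$types, $values] = parseParams($raw);
    // The expected count comes from the statement, not from the request.
    if (count($values) !== $ps->param_count) {
        throw new InvalidArgumentException('Parameter count does not match the statement');
    }
    if ($values !== []) {
        // One call: whole type string, then all values.
        $ps->bind_param($types, ...$values);
    }
}

// Constructed sample input: the value shown in the post.
[$types, $values] = parseParams('{s:A}{s:N}');
var_dump($types, $values);
```

With the statement from the post, bindAll($ps, $_POST["params"]) would replace the while loop, called before $ps->execute().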