MySQLi使用动态更新查询准备语句

时间:2011-07-09 13:56:55

标签: php mysql mysqli prepared-statement

我正忙着从正常的mysql_queries转换到预备语句,现在我找到了一个根据有多少字段不为空生成动态查询的函数。

我设法转换它,因此它将每个字段作为单独的查询运行,但有没有办法将所有这些查询放入一个查询而不转换为PDO?

public function edit($ticket_id, $department_id = '', $location_id = '', $ticketcat_id = '', $ticketsta_id = '',
                     $ticketmed_id = '', $ticketpri_id = '', $ticket_assigned = '', $ticket_plandate = '', 
                     $ticket_user_name = '', $ticket_user_email = '', $ticket_user_phone = '', $ticket_subject = '') {

            $data = array(
            array('field' => 'department_id', 'value' => $department_id, 'type' => 'i'),
            array('field' => 'location_id', 'value' => $location_id, 'type' => 'i'),
            array('field' => 'ticketcat_id', 'value' => $ticketcat_id, 'type' => 'i'),
            array('field' => 'ticketsta_id', 'value' => $ticketsta_id, 'type' => 'i'),
            array('field' => 'ticketmed_id', 'value' => $ticketmed_id, 'type' => 'i'),
            array('field' => 'ticketpri_id', 'value' => $ticketpri_id, 'type' => 'i'),
            array('field' => 'ticket_assigned', 'value' => $ticket_assigned, 'type' => 'i'),
            array('field' => 'ticket_plandate', 'value' => $ticket_plandate, 'type' => 's'),
            array('field' => 'ticket_user_name', 'value' => $ticket_user_name, 'type' => 's'),
            array('field' => 'ticket_user_email', 'value' => $ticket_user_email, 'type' => 's'),
            array('field' => 'ticket_user_phone', 'value' => $ticket_user_phone, 'type' => 's'),
            array('field' => 'ticket_subject', 'value' => $ticket_subject, 'type' => 's')
            );

            foreach($data as $id => $data_) {
                IF(empty($data_['value'])) unset($data[$id]);
            }

            IF(count($data) > 0) {

                $errors = false;
                $query = 'UPDATE tickets SET ';
                foreach($data as $id => $values) {
                    $query2 = $query.$values['field'].' = ? WHERE ticket_id = ? ';
                    echo $query2.'<br />';
                    IF($stmt = $this->db->prepare($query2)) {                    
                        $types = $values['type'].'i';
                        $stmt->bind_param($types, $values['value'], $ticket_id);

                        IF(!($stmt->execute())) {
                            $errors = true;
                        }
                        $stmt->close();
                    }
                }

                IF(!$errors) {
                    $this->db->commit();
                    return true;
                }

                return false;
            }
        }

1 个答案:

答案 0 :(得分:4)

诀窍是构造一个包含您要绑定的参数的数组,然后在call_user_func_array的帮助下,您可以将此数组传递给bind_param

有关call_user_func_array的详细信息,请参阅http://www.php.net/manual/en/function.call-user-func-array.php

您的代码可以是:

    $para_type="";
    /* $para is the array that later passed into bind_param */
    $para=array($para_type);
    $query = 'UPDATE tickets SET ';

    IF(count($data) != 0) {
        /* Looping all values */

        foreach($data as $k=>$d) {
            $query .= '`'.$d['field'].'` = ? ,';

            $para_type .=$d['type'];

            $para[] = &$data[$k]['value'];
        }

        /* removing last comma */
        $query[(strlen($query)-2)] = '';

        /* adding where */
        $query .= ' WHERE `ticket_id` = ?';
        $para_type .= 'i';
        $para[]=&$ticket_id;

        call_user_func_array(array($stmt, 'bind_param'), $para);

        return true;
    }

请注意&在所有参数前面,bind_param需要它。

我认为更好的另一种方法是使用PDO。它采用命名参数,可以进行增量绑定。