php中的SQL查询与数组中的谓词

Posted 2021-03-27

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了php中的SQL查询与数组中的谓词相关的知识，希望对你有一定的参考价值。

我想使用数组中的参数在php中准备一个sql查询。它应该是一份准备好的声明。

假设这是带参数的数组

$params = array("arg1" => 1, "arg2" => 0, "arg3" => 1)

我希望我的查询看起来像

SELECT * FROM table WHERE arg1 = 1 AND arg2 = 0 AND arg3 = 1

答案

$qry= 'SELECT * FROM table WHERE ';
foreach($params as $key => $value)
{
$qry .= $key . '=' . $value . ' AND ';
}
$qry = substr($qry, 0, -5); // remove last ' AND '

这应该足以让你入门。根据您运行的mysql / SQL / PHP版本，您可能需要在变量周围加上引号。此解决方案不涉及sql注入或预处理语句。你可以添加？或者：变量取决于您如何构建准备好的语句。其他选项...您可以将数组内爆为“AND”分隔的字符串。 How to use array variable into mysql query in php/mysql

另一答案

如果要使用PDO管理预准备语句，请尝试以下代码：

<?php
$servername = "hostname";
$username = "username";
$password = "password";
$dbname = "database";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // prepare sql
    $sql = "SELECT * FROM Persons";

    // considering this is the array you want to use to prepare the sql
    $params = array("LastName" => 1, "FirstName" => 1, "Address" => 1);
    foreach($params as $attr => $val) {
        $where[] = "$attr = :$attr";

    }
    $sql .= " where " . join(' and ', $where); // *** where LastName = :LastName and FirstName = :FirstName and Address = :Address

    $stmt = $conn->prepare($sql); //  *** SELECT * FROM Persons where LastName = :LastName and FirstName = :FirstName and Address = :Address

    // bind parameters
    foreach($params as $attr => $val) {
        $stmt->bindValue(":$attr", $val, PDO::PARAM_STR);
    }

    $stmt->execute();

    //$stmt->debugDumpParams();

    echo $stmt->rowCount();

    print_r($stmt->fetch());
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}

或者，如果您想使用mysqli管理预准备语句，请尝试以下操作：

<?php
$servername = "hostname";
$username = "username";
$password = "password";
$dbname = "database";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT * FROM Persons";

// considering this is the array you want to use to prepare the sql
$params = array("LastName" => 1, "FirstName" => 0, "Address" => 1);
$sqltype = "";

foreach($params as $attr => $val) {
  $where[] = "$attr = ?";
  $sqltype .= 's';
  $bind_val[] = $val;
}

$sql .= " where " . join(' and ', $where); // *** SELECT * FROM Persons where LastName = ? and FirstName = ? and Address = ?

// prepare sql
$stmt = $conn->prepare($sql);

// bind parameters
$stmt->bind_param( $sqltype, ...$bind_val ); // *** $stmt->bind_param("sss", 1, 0, 1);

$stmt->execute();

$result = $stmt->get_result();

echo $result->num_rows;
print_r($result);

以上是关于php中的SQL查询与数组中的谓词的主要内容，如果未能解决你的问题，请参考以下文章

SQL Server中的全文搜索

将 MySQL 内爆数组中的项目与查询中的 PHP 数组匹配

MYSQL 常用语句

对于 CONTAINS 全文谓词，SQL Server 2008 中的逻辑短路似乎失败

Sql查询优先考虑php数组中的值

如何对数组php中的所有项目运行sql查询