mysqli bind_param为string数组

你不能用一个question mark来绑定两个variables！

对于你绑定的每个variables，你需要一个question mark

“bind_param”检查每个variables是否符合要求。 之后将string值放在引号之间。

这是行不通的。

 "SELECT name FROM table WHERE city IN (?)"; ( becomes too ) $q_prepared->bind_param("s", $cities); "SELECT name FROM table WHERE city IN ('city1,city2,city3,city4')"; 

一定是。

 "SELECT name FROM table WHERE city IN (?,?,?,?)"; ( becomes too ) $q_prepared->bind_param("ssss", $city1,$city2,$city3,$city4); "SELECT name FROM table WHERE city IN ('city1','city2','city3','city4')"; 

$query_prepared->bind_param一个一个地引用string参数。
而variables的数量和stringtypes的长度必须与语句中的参数相匹配。

 $query_str= "SELECT name FROM table WHERE city IN ('Nashville','Knoxville')"; 

会变成

 $query_str= "SELECT name FROM table WHERE city IN (?,?)"; 

现在bind_param必须是

 bind_param("ss",$arg1,$arg2) 

有了这个

 $query_str= "SELECT name FROM table WHERE city IN (?)"; 

和bind_param

 bind_param("s",$cities) 

你得到

 $query_str= "SELECT name FROM table WHERE city IN ('Nashville,Knoxville')"; 

这就是为什么一个数组不工作。
唯一的解决scheme是call_user_func_array

如果你发起一个声明，以下是不必要的

 $query_prepared = $mysqli->stmt_init(); if($query_prepared && $query_prepared->prepare($query_str)) { 

这是对的

 $query_prepared = $mysqli->stmt_init(); if($query_prepared->prepare($query_str)) { 

如果你不想使用call_user_func_array
而你只有less数的论据
你可以用下面的代码来完成。

 [...] $cities= explode(",", $_GET['cities']); if (count($cities)>3) { echo "too many arguments"; } else { $count = count($cities); $SetIn = "("; for($i = 0; $i < $count; ++$i) { $code.='s'; if ($i>0) {$SetIn.=",?";} else {$SetIn.="?";} } $SetIn.=")"; $query_str= "SELECT name FROM table WHERE city IN ".$SetIn; // with 2 arguments $query_str will look like // SELECT name FROM table WHERE city IN (?,?) $query_prepared = $mysqli->stmt_init(); if($query_prepared->prepare($query_str)) { if ($count==1) { $query_prepared->bind_param($code, $cities[0]);} if ($count==2) { $query_prepared->bind_param($code, $cities[0],$cities[1]);} if ($count==3) { $query_prepared->bind_param($code, $cities[0],$cities[1],$cities[2]); // with 2 arguments $query_prepared->bind_param() will look like // $query_prepared->bind_param("ss",$cities[0],$cities[1]) } $query_prepared->execute(); } [...] } 

我build议你试着用call_user_func_array来达到目的。

寻找nick9v的解决scheme
mysqli的-stmt.bind-PARAM

使用call_user_func_array像这样：

 $stmt = $mysqli->prepare("INSERT INTO t_file_result VALUES(?,?,?,?)"); $id = '1111'; $type = 2; $result = 1; $path = '/root'; $param = array('siis', &$id, &$type, &$result, &$path); call_user_func_array(array($stmt, 'bind_param'), $param); $stmt->execute(); printf("%d row inserted. \n", $stmt->effected_rows); $stmt->close; 

我也遇到了麻烦，并得到它与eval工作之前，发现大多数人正在使用call_user_func_array

 $fields = array('model','title','price'); // fields in WHERE clause $values = array( // type and value for each field array('s','ABCD-1001'), array('s','[CD] Test Title'), array('d','16.00') ); $sql = "SELECT * FROM products_info WHERE "; // start of query foreach ($fields as $current){ // build where clause from fields $sql .= '`' . $current . '` = ? AND '; } $sql = rtrim($sql,'AND '); // remove last AND $stmt = $db->prepare($sql); $types = ''; $vals = ''; foreach ($values as $index => $current_val){ // build type string and parameters $types .= $current_val[0]; $vals .= '$values[' . $index . '][1],'; } $vals = rtrim($vals,','); // remove last comma $sql_stmt = '$stmt->bind_param("' . $types . '",' . $vals . ');'; // put bind_param line together eval($sql_stmt); // execute bind_param $stmt->execute(); $stmt->bind_result($col1,$col2,$col3,$col4,$col5,$col6); // this could probably also be done dynamically in the same way while ($stmt->fetch()){ printf("%s %s %s %s %s %s\n", $col1,$col2,$col3,$col4,$col5,$col6); }