ユーザが複数のパラメータを指定してmysqlを検索クエリ

Question

私はPHPを使用して検索オプションを開発しています。ユーザーは、ID、名前、ステータスこれら3 parameters.belowの組み合わせのいずれかを与えたときにそこに私が検索することができ、ユーザ与えられた基準のユーザーを使用して検索を実行する必要があることは私のコードである

if(isset($_POST['search'])) 
    { 
     echo "<script> document.getElementById('tblsearch').style.display = 'block' </script> "; 

     $serviceNumber=$_POST['serviceNumber']; 
     $name=$_POST['name']; 
     $pendingfrom=$_POST['pendingfrom']; 
     $status=$_POST['status']; 
     $datefrom=$_POST['datefrom']; 
     $dateto=$_POST['dateto']; 
     $searchkey='serviceNumber'; 




$mysqli = new mysqli("localhost", "root", "", "user_management"); 

/* check connection */ 
if (mysqli_connect_errno()) { 
    printf("Connect failed: %s\n", mysqli_connect_error()); 
    exit(); 
} 

    $query = 'SELECT * FROM user WHERE '; 
    $where = array(); 
    $values = array(); 
    $types = ''; 

    if (!empty($_POST['serviceNumber'])) { 
     $where[] = 'serviceNumber = ?'; 
     $values[] = $_POST['serviceNumber']; 
     $types .= 'i'; 
    } 

    if (!empty($_POST['name'])) { 
     $where[] = 'Username = ?'; 
     $values[] = $_POST['name']; 
     $types .= 's'; 
    } 

    if (!empty($_POST['status'])) { 
     $where[] = 'status = ?'; 
     $values[] = $_POST['status']; 
     $types .= 's'; 
    } 



     $query .= implode(' AND ',$where); 
     printf("rows inserted: %d\n", $query); 



    printf("rows inserted: %d\n", $values); 

/* prepare statement */ 
if ($stmt = $mysqli->prepare($query)) { 

    /* Bind variable for placeholder */ 

    $stmt->bind_param($types,$values); 

    /* execute statement */ 

    $stmt->execute(); 
    $res = $stmt->get_result(); 
    $row = $res->fetch_assoc(); 

    printf("rows inserted: %d\n", $stmt->num_rows); 

    /* close statement */ 
    $stmt->close(); 
} 

/* close connection */ 
    $mysqli->close(); 

below line i was going confused,because $values is an array.i need to pass user given paremeters to this in order to execute.

$stmt->bind_param($types,$values); 

so in order to get correct results how do i need to do this.

Answer 1

は、以下を試してみてください：

 if(isset($_POST['search'])) 
     { 
     echo "<script> document.getElementById('tblsearch').style.display = 'block' </script> "; 

    $serviceNumber=$_POST['serviceNumber']; 
    $name=$_POST['name']; 
    $pendingfrom=$_POST['pendingfrom']; 
    $status=$_POST['status']; 
    $datefrom=$_POST['datefrom']; 
    $dateto=$_POST['dateto']; 
    $searchkey='serviceNumber'; 




$mysqli = new mysqli("localhost", "root", "", "user_management"); 

/* check connection */ 
if (mysqli_connect_errno()) { 
printf("Connect failed: %s\n", mysqli_connect_error()); 
exit(); 
} 

$query = 'SELECT * FROM user WHERE '; 

if (!empty($_POST['serviceNumber'])) { 
    $query .="serviceNumber='$searchkey' "; 

} 

if (!empty($_POST['name'])) { 
      $query .="and Username='$name' "; 

} 

if (!empty($_POST['status'])) { 
    $where[] = 'status = ?'; 
    $values[] = $_POST['status']; 
      $query .=" and status='$status' "; 
} 




/* prepare statement */ 
if ($stmt = $mysqli->prepare($query)) { 

/* Bind variable for placeholder */ 

$stmt->bind_param($types,$values); 

/* execute statement */ 

$stmt->execute(); 
$res = $stmt->get_result(); 
$row = $res->fetch_assoc(); 

printf("rows inserted: %d\n", $stmt->num_rows); 

/* close statement */ 
$stmt->close(); 
} 

    /* close connection */ 
$mysqli->close(); 

・ホープ、このことができます。

Answer 2

call_user_func_array()を使用すると、パラメータの配列を持つ関数を呼び出すことができます。パラメータは、bind_paramメソッドに渡すために参照として格納する必要があります。要するに、最初の値が文字列で、残りがパラメータへの参照である配列が必要です。例えば

：

$bindParams = [$types]; 
foreach ($values as $key => $value) { 
    $bindParams[$key] = &$value; 
} 

call_user_func_array(
    [$stmt, 'bind_param'], //array with the object and the method - callable 
    $bindParams 
);