准备语句时参数解包后不能使用位置参数
Cannot use positional arguments after argument unpacking while preparing a statement
我试图将可变数量的值绑定到我准备好的语句的 IN () 条件中,并在稍后的查询中绑定更多的值,但我收到一个错误:
PHP Fatal error: Cannot use positional argument after argument unpacking.
我的代码如下:
$ccarr=explode(",", $cc);
$in = str_repeat('?,', count($ccarr) - 1) . '?';
$op_r=$tfvarr[2];
$budg_et=$tfvarr[1];
$budg_et1=$tfvarr111111;
$sqldesk="SELECT subsubcatid_parent, plink, deskid, sum(itprice) as totprice FROM desktop_items a, items_table b, obsubsubcat c where subsubcatid_parent IN ($in) and a.itno = b.itno and a.subsubcatid_parent=c.subsubcatid group by subsubcatid_parent, deskid having totprice > ? && totprice ? ?" ;
if($stmtdesk = $conn->prepare($sqldesk))
{
$types = str_repeat('i', count($ccarr));
$types .= 'isi';
$stmtdesk->bind_param($types, ...$ccarr, $budg_et1, $op_r, $budg_et);
$stmtdesk->execute();
$stmtdesk->store_result();
$stmtdesk->bind_result($subsubcatid_parentdesk, $plinkdesk, $deskiddesk, $totpricedesk);
}
如何在不出现解包错误的情况下绑定所有值?
我建议您将额外的值放入 $ccarr 数组中,这样您只需要在 bind_param().
中拼写 $ccarr
看起来 $op_r 是一个“运算符”,而不是一个值。所以不应该绑定。 Listen to Victor。运算符值应根据硬编码值的白名单进行验证,并直接注入您的查询字符串。
$ccarr = explode(",", $cc);
$in = str_repeat('?,', count($ccarr) - 1) . '?';
$op_r = $tfvarr[2];
$budg_et = $tfvarr[1];
$budg_et1 = $tfvarr111111;
array_push($ccarr, $budg_et1, $budg_et);
$types = str_repeat('i', count($ccarr));
$sqldesk = "SELECT subsubcatid_parent, plink, deskid, SUM(itprice) AS totprice
FROM desktop_items a
JOIN items_table b ON a.itno = b.itno
JOIN obsubsubcat c ON a.subsubcatid_parent = c.subsubcatid
WHERE subsubcatid_parent IN ($in)
GROUP BY subsubcatid_parent, deskid
HAVING totprice > ? AND totprice {$op_r} ?";
$stmtdesk = $conn->prepare($sqldesk);
$stmtdesk->bind_param($types, ...$ccarr);
$stmtdesk->execute();
$stmtdesk->store_result();
$stmtdesk->bind_result($subsubcatid_parentdesk, $plinkdesk, $deskiddesk, $totpricedesk);
此外,我不建议使用老式的逗号连接。显式声明 JOIN 更清晰、更现代,并且使用 ON 表达式来描述连接关系。
最后,MySQL中的&&应该是AND。始终使用全大写字母在 sql 字符串中写入 MySQL 关键字。
我试图将可变数量的值绑定到我准备好的语句的 IN () 条件中,并在稍后的查询中绑定更多的值,但我收到一个错误:
PHP Fatal error: Cannot use positional argument after argument unpacking.
我的代码如下:
$ccarr=explode(",", $cc);
$in = str_repeat('?,', count($ccarr) - 1) . '?';
$op_r=$tfvarr[2];
$budg_et=$tfvarr[1];
$budg_et1=$tfvarr111111;
$sqldesk="SELECT subsubcatid_parent, plink, deskid, sum(itprice) as totprice FROM desktop_items a, items_table b, obsubsubcat c where subsubcatid_parent IN ($in) and a.itno = b.itno and a.subsubcatid_parent=c.subsubcatid group by subsubcatid_parent, deskid having totprice > ? && totprice ? ?" ;
if($stmtdesk = $conn->prepare($sqldesk))
{
$types = str_repeat('i', count($ccarr));
$types .= 'isi';
$stmtdesk->bind_param($types, ...$ccarr, $budg_et1, $op_r, $budg_et);
$stmtdesk->execute();
$stmtdesk->store_result();
$stmtdesk->bind_result($subsubcatid_parentdesk, $plinkdesk, $deskiddesk, $totpricedesk);
}
如何在不出现解包错误的情况下绑定所有值?
我建议您将额外的值放入 $ccarr 数组中,这样您只需要在 bind_param().
$ccarr
看起来 $op_r 是一个“运算符”,而不是一个值。所以不应该绑定。 Listen to Victor。运算符值应根据硬编码值的白名单进行验证,并直接注入您的查询字符串。
$ccarr = explode(",", $cc);
$in = str_repeat('?,', count($ccarr) - 1) . '?';
$op_r = $tfvarr[2];
$budg_et = $tfvarr[1];
$budg_et1 = $tfvarr111111;
array_push($ccarr, $budg_et1, $budg_et);
$types = str_repeat('i', count($ccarr));
$sqldesk = "SELECT subsubcatid_parent, plink, deskid, SUM(itprice) AS totprice
FROM desktop_items a
JOIN items_table b ON a.itno = b.itno
JOIN obsubsubcat c ON a.subsubcatid_parent = c.subsubcatid
WHERE subsubcatid_parent IN ($in)
GROUP BY subsubcatid_parent, deskid
HAVING totprice > ? AND totprice {$op_r} ?";
$stmtdesk = $conn->prepare($sqldesk);
$stmtdesk->bind_param($types, ...$ccarr);
$stmtdesk->execute();
$stmtdesk->store_result();
$stmtdesk->bind_result($subsubcatid_parentdesk, $plinkdesk, $deskiddesk, $totpricedesk);
此外,我不建议使用老式的逗号连接。显式声明 JOIN 更清晰、更现代,并且使用 ON 表达式来描述连接关系。
最后,MySQL中的&&应该是AND。始终使用全大写字母在 sql 字符串中写入 MySQL 关键字。