MySQLi prepared statement with dynamic update query
I'm busy changing from normal mysql_queries to prepared statements, now I found a function that generated a dynamic query based on how many fields were not empty.
I managed to convert it so it runs each field as a separate query, but is there a way to put all these queries into one query without converting to PDO ?
public function edit($ticket_id, $department_id = '', $location_id = '', $ticketcat_id = '', $ticketsta_id = '',
$ticketmed_id = '', $ticketpri_id = '', $ticket_assigned = '', $ticket_plandate = '',
$ticket_user_name = '', $ticket_user_email = '', $ticket_user_phone = '', $ticket_subject = '') {
$data = array(
array('field' => 'department_id', 'value' => $department_id, 'type' => 'i'),
array('field' => 'location_id', 'value' => $location_id, 'type' => 'i'),
array('field' => 'ticketcat_id', 'value' => $ticketcat_id, 'type' => 'i'),
array('field' => 'ticketsta_id', 'value' => $ticketsta_id, 'type' => 'i'),
array('field' => 'ticketmed_id', 'value' => $ticketmed_id, 'type' => 'i'),
array('field' => 'ticketpri_id', 'value' => $ticketpri_id, 'type' => 'i'),
array('field' => 'ticket_assigned', 'value' => $ticket_assigned, 'type' => 'i'),
array(开发者_Go百科'field' => 'ticket_plandate', 'value' => $ticket_plandate, 'type' => 's'),
array('field' => 'ticket_user_name', 'value' => $ticket_user_name, 'type' => 's'),
array('field' => 'ticket_user_email', 'value' => $ticket_user_email, 'type' => 's'),
array('field' => 'ticket_user_phone', 'value' => $ticket_user_phone, 'type' => 's'),
array('field' => 'ticket_subject', 'value' => $ticket_subject, 'type' => 's')
);
foreach($data as $id => $data_) {
IF(empty($data_['value'])) unset($data[$id]);
}
IF(count($data) > 0) {
$errors = false;
$query = 'UPDATE tickets SET ';
foreach($data as $id => $values) {
$query2 = $query.$values['field'].' = ? WHERE ticket_id = ? ';
echo $query2.'<br />';
IF($stmt = $this->db->prepare($query2)) {
$types = $values['type'].'i';
$stmt->bind_param($types, $values['value'], $ticket_id);
IF(!($stmt->execute())) {
$errors = true;
}
$stmt->close();
}
}
IF(!$errors) {
$this->db->commit();
return true;
}
return false;
}
}
The trick is to construct an array that contains the parameters that you want to bind, then with the help of call_user_func_array
, you can pass this array to bind_param
.
See http://www.php.net/manual/en/function.call-user-func-array.php for details on call_user_func_array
.
Your code can be something like:
$para_type="";
/* $para is the array that later passed into bind_param */
$para=array($para_type);
$query = 'UPDATE tickets SET ';
IF(count($data) != 0) {
/* Looping all values */
foreach($data as $k=>$d) {
$query .= '`'.$d['field'].'` = ? ,';
$para_type .=$d['type'];
$para[] = &$data[$k]['value'];
}
/* removing last comma */
$query[(strlen($query)-2)] = '';
/* adding where */
$query .= ' WHERE `ticket_id` = ?';
$para_type .= 'i';
$para[]=&$ticket_id;
call_user_func_array(array($stmt, 'bind_param'), $para);
return true;
}
Notice the &
in front of all parameters, it is required by bind_param
.
Another way which I think is better is to use PDO. It takes named parameter and can do incremental bind.
精彩评论