准备好的声明中的参数包含连字符（

准备好的声明中的参数包含连字符（ - ）？(Param in Prepared Statement contains Hyphen (-)?)

我正在尝试将所有标准MySQLi查询重写为MySQLi Prepared Statements。

我注意到了一个问题，每当我有一个包含连字符的变量时，execute（）就会失败。

我正在处理的变量（$ project_id）如下所示：'AAD0012003-01'。

$get_progress_done = $db->prepare("SELECT COUNT(*) as rows FROM testvoorstage_checklists.?"); $get_progress_done->bind_param("s", $project_id); $get_progress_done->execute(); $get_progress_done->store_result(); $get_progress_done->bind_result($rows); while($get_progress_done->fetch()) { echo $rows; }

我现在一直在寻找一个解决方案，我仍然没有找到一种方法来“逃避”变量中的连字符。

我知道查询确实有效，因为我已经在PHPMyAdmin中使用set变量尝试了它们，并且它们在那里工作正常。

我正在学习准备语句，我很想知道如何解决这个问题，因为我有很多包含特殊字符的变量。

我得到的错误是：

在非对象上调用成员函数bind_param（）

I'm trying to rewrite all of my standard MySQLi queries to MySQLi Prepared Statements.

I've noticed a problem though, whenever I have a variable that contains a hyphen, the execute() fails.

The variables I'm dealing with ($project_id) look like this: 'AAD0012003-01'.

$get_progress_done = $db->prepare("SELECT COUNT(*) as rows FROM testvoorstage_checklists.?"); $get_progress_done->bind_param("s", $project_id); $get_progress_done->execute(); $get_progress_done->store_result(); $get_progress_done->bind_result($rows); while($get_progress_done->fetch()) { echo $rows; }

I've been searching for a solution for a couple of days now, and I still haven't found a way to 'escape' the hyphen in a variable.

I know the queries do work, because I've tried them in PHPMyAdmin with a set variable and they are working fine there.

I'm learning Prepared Statements, and I would love to know how to fix this because I have quite alot of variables that contain special characters.

The error I'm getting is:

Call to a member function bind_param() on a non-object

最满意答案

您的问题与连字符或准备好的语句无关。 真正的问题是您的数据库设计 。 您必须将所有项目存储在同一个表中，而不是为每个项目设置单独的表。 请明智地命名您的变量。 无论如何， $db->prepare返回的内容都不是$get_progress_done - 它只是一个mysqli语句。

所以，这段代码会做

$sql = "SELECT COUNT(*) as rows FROM projects where project_id = ?"; $stmt = $db->prepare($sql); $stmt->bind_param("s", $project_id); $stmt->execute(); $stmt->bind_result($rows); $stmt->fetch(); echo $rows;

但是，在我的生活中，我永远不会理解编写7行代码的PHP用户，其中只有一行是足够的。

Your problem has nothing to do with hyphens or prepared statements. The real problem is your database design. Instead of having a separate table for the each project, you have to store all the projects in the same table. Please name your variables sensibly. What $db->prepare returns is not, by any means, whatever $get_progress_done - it's merely a mysqli statement.

So, this code will do

$sql = "SELECT COUNT(*) as rows FROM projects where project_id = ?"; $stmt = $db->prepare($sql); $stmt->bind_param("s", $project_id); $stmt->execute(); $stmt->bind_result($rows); $stmt->fetch(); echo $rows;

However, I will never in my life understand PHP users who are writing 7 lines of code where only one is enough.