调用php时如何将php变量传入mysql存储过程

pcww981p 于 2021-06-20 发布在 Mysql

关注(0)|答案(1)|浏览(362)

我要把php变量传给存储过程调用，存储过程对我来说是新的，请帮我..提前谢谢

<?php
include('connection.php');
if(isset($_POST["state_id"]) && !empty($_POST["state_id"]) && isset($_POST["cat_id"]) && !empty($_POST["cat_id"])){
    $categoryid=$_POST["cat_id"];
    $qttypeid=$_POST["state_id"];
    if(($_POST["state_id"]=='1') || ($_POST["state_id"]=='2') ){
        $res4=mysqli_query($con,"call PP4($categoryid,$qttypeid)");
        echo $res4;
        while($res4a=mysqli_fetch_array($res4)){ 
            echo '<option value="'.$res4a['locId'].'">'.$res4a['access'].'</option>';
        }
    }else{
        $res4=mysqli_query($con,"call PP1");
        while($res4a=mysqli_fetch_array($res4)){ 
            echo '<option value="'.$res4a['locId'].'">'.$res4a['access'].'</option>';
        }   
    }
}
?>

mysql php stored-procedures

来源：https://stackoverflow.com/questions/52660558/how-to-pass-php-variable-into-mysql-stored-procedure-while-calling-in-php

1条答案

按热度按时间

8aqjt8rx1#

如果您打开了sql注入，您将需要使用准备好的语句对您的参数进行sanatize。下面是如何使用prepared station调用存储过程。

$connect = new mysqli($servername, $username, $password, $dbname);

// bind the first parameter to the session variable @categoryid
$stmt = $connect->prepare('SET @categoryid := ?');
$stmt->bind_param('s', $categoryid);
$stmt->execute();

// bind the second parameter to the session variable @qttypeid
$stmt = $connect->prepare('SET @qttypeid := ?');
$stmt->bind_param('s', $qttypeid);
$stmt->execute();

// execute the stored Procedure
$result = $connect->query('call PP4(@categoryid, @qttypeid, @msg)');

// getting the value of the OUT parameter
$result = $mysqli->query('SELECT @msg as _output');
$row = $result->fetch_assoc();                       
echo $row['_output'];

赞(0）回复(0）举报 2021-06-21

我来回答

调用php时如何将php变量传入mysql存储过程

1条答案

相关问题

热门标签

最新问答