PHP + Mysqli 参数化搜索的实现

<?php
    $steamid = "KIDJourney";
    $tiebaid = "DSB";
    $mysqli = new mysqli("localhost","KIDJourney","PASSWORD","XXXXX");
    if ($mysqli->connect_errno){
        die ("connect error" );
    }       
    $pQuery = "SELECT * FROM trickerlist WHERE steamid=? or tiebaid=?";
    if ($pQProcess = $mysqli->prepare($pQuery)){
        $parameterList = array(‘1‘,‘2‘,‘3‘,‘4‘,‘5‘,‘6‘);
        $pQProcess->bind_param("ss",$steamid,$tiebaid);
        $pQProcess->execute();
        $pQProcess->bind_result($parameterList[0],$parameterList[1],$parameterList[2],$parameterList[3],$parameterList[4],$parameterList[5]);
        $pQProcess->fetch();
        $pQProcess->close();
        print_r($parameterList);
    }
    $mysqli->close();
?>

可以用call_user_func_array来简化bind_result()的参数输入。

但是比较难懂，等我看懂了再贴上来。