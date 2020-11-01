Products filtering options through mysqli_prepare

I’m looking for a tutorial or example about the correct way to handle this quite common query through a mysqli prepared statement.

$stmt = $con -> prepare ("SELECT * FROM products 
                          WHERE published = 'Yes' 
                          AND category IN ='dresses, skirts' 
                          AND color IN 'blue, pink, yellow' 
                          AND price BETWEEN '10' AND '15' 
                          ORDER by price ASC, BY new DESC");

Here is an exerpt from my code, but I’m stuck. I don’t know how to handle it.

if (isset($_POST['action']))
   {   
       $published='Y'; 
       $sort_products = $con -> prepare ( "select * from products where published = ?   ");   
		
		if ( isset ($_POST['product_category']))
		   { 
		     $array= $_POST['product_category'];
		     $product_category = implode(',', array_fill(0, count($array), '?')); // creates a string containing ?,?,? 
			 		   
			 $sort_products .= "AND p_cat_id  IN (". $product_category." )  ";
			 call_user_func_array(array($sort_products, 'bind_param'), $params_category);
		   }	 
		  
		
	 	if ( isset ($_POST['product_main_color']))
		   { $array= $_POST['product_main_color'];
		     $product_brand = implode(',', array_fill(0, count($array), '?')); // creates a string containing ?,?,? 
			 $array[] = $this->getTime();
             $types = str_repeat('i', count($array));			 
			 $params_color = array($types);
			 foreach ($array as $key => $value) 
					 {  $params_color[] = &$array[$key];
					 }
		     $sort_products .= "AND product_main_color  IN (". $product_main_color." )  ";
			 call_user_func_array(array($sort_products, 'bind_param'), $params_color);
		   }

        if ( isset ($_POST['price_from']) &&  isset ($_POST['price_upto']) )
		   { 
		      $sort_products .= "AND price  BETWEEN ? AND ? ";			  
		   }

        if ( isset ($_POST['order_1'])  )
		   { 
		      $sort_products .= "ORDER BY ? ";			  
		   }

        if ( isset ($_POST['order_2'])  )
		   { 
		      $sort_products .= ", ? ";			  
		   }

$sort_products -> bind_params   ///  How to bind all of these params ?

How to bind these params all together ? What’s the correct way of writing this query ?
Thanks

FWIW, I wouldn’t do this with mysqli, because with PDO, you don’t have to bind parameters.
You simply pass in an array of values when you execute.
The array can be built up in your conditions, where you currently build up your string of ?.

$stmt->execute($values);

There is a simple example here with an IN clause. Yours has a few more conditions to build up the array of values. But the principles are the same.