How do I use a prepared statement in this query?
I'm new to PHP and PDO, and I try to use prepared statements here. After 1 hour of trying around I give up. Or my tutorial was just horribly bad.
EDIT:
This works perfectly without prepared statements:
try {
    $dbh = new PDO('mysql:host=localhost;dbname=test', 'root', 'root');
    $prepared = $dbh->prepare('SELECT * from sys_navigation_point WHERE name="root"');
    //$prepared->bindParam('foo', 'root');
    $prepared->execute();
    foreach($prepared as $row) {
        print_r($row);
    }
    $dbh = null;
} catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}
But this does not work at all with a prepared statement. Getting a totally blank page when doing this:
try {
    $dbh = new PDO('mysql:host=localhost;dbname=test', 'root', 'root');
    $prepared = $dbh->prepare('SELECT * from sys_navigation_point WHERE name=:foo');
    $prepared->bindParam('foo', 'root');
    $prepared->execute();
    foreach($prepared as $row) {
        print_r($row);
    }
    $dbh = null;
} catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}
foo should be replaced with root. However, it doesn't.
Comments (5)
Try using the colon in the name, too while binding:
As it is done in the docs: http://php.net/manual/en/pdostatement.bindparam.php
Your bindParam's second parameter has to be a variable, otherwise you'll get a fatal error. So, or:
It's easy to figure out when error messages are displayed:
You can't use params for stuff like table and column names, it's meant to be used for data only, not for fully dynamic queries
This should work:
EDIT: This should be the real solution.
By looking at the documentation, it's clear that the pattern has to be:
Then you do:
http://www.php.net/manual/en/pdo.prepare.php
A commenter there says that it doesn't work properly for keywords, table names, view names and field names
So you'd need
$prepared = $dbh->prepare('SELECT * from ' . $table);
As it only really works for column variables.
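The points raised across the answers (bind the value under the colon-prefixed name, bindParam needs a variable, identifiers such as table names cannot be bound), as an added example that is not part of the original thread. It assumes the pdo_sqlite driver with an in-memory database and constructed rows; findByName and its allowlist are hypothetical.

```php
<?php
// Added example, not code from the thread. In-memory SQLite keeps it offline;
// the table contents below are constructed sample data.
$dbh = new PDO('sqlite::memory:');
// Raise PDOException on SQL errors instead of failing silently.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE sys_navigation_point (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->exec("INSERT INTO sys_navigation_point (name) VALUES ('root'), ('child')");

// Hypothetical helper: identifiers cannot be bound as parameters, so the
// table name is checked against a fixed allowlist before concatenation.
function findByName(PDO $dbh, string $table, string $name): array
{
    $allowed = ['sys_navigation_point']; // assumption: the known table names
    if (!in_array($table, $allowed, true)) {
        throw new InvalidArgumentException('Unknown table: ' . $table);
    }
    $stmt = $dbh->prepare('SELECT * FROM ' . $table . ' WHERE name = :foo');
    // bindValue() accepts a literal or expression; bindParam() takes its
    // second argument by reference and therefore needs a variable.
    $stmt->bindValue(':foo', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Ordinary lookup with a bound value.
print_r(findByName($dbh, 'sys_navigation_point', 'root'));

// Quote characters in the value are bound as data, not parsed as SQL.
print_r(findByName($dbh, 'sys_navigation_point', "root' OR '1'='1"));

// A table name outside the allowlist never reaches the SQL string.
try {
    findByName($dbh, 'sys_navigation_point; DROP TABLE x', 'root');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```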
You cannot bind a table in a MySQL prepared statement, you can only bind values. From the manual: