How to do a parameterized query
[ Status: Learner ]
I am attempting to implement a parameterized query but I am having problems. Jonathan Sampson recently hinted at how this could be done (#2286115), but I'm not following his suggestion correctly. Here is my script:

$cGrade = "grade";
include_once("db_login.php");
// Note: $schcode is interpolated straight into the SQL string rather than bound,
// and sprintf() places the sort key inside quotes in ORDER BY ('%s'), so MySQL
// sees a string literal there, not a column name.
$sql = "SELECT last_name AS last_name
             , first_name AS first_name
             , grade AS gr
             , ethnic AS eth
             , sex AS sex
             , student_id AS id_num
             , reason AS reason
             , mon_init AS since
        FROM t_tims0809
        WHERE tag <> '' AND
              tag IS NOT NULL AND
              schcode = {$schcode}
        ORDER
        BY ('%s')";
// The "or ..." fallback belongs after the mysql_query() call, not inside its parentheses.
$qResult = mysql_query(sprintf($sql, $cGrade)) or die("Error: " . mysql_error());

The query works fine with grade in the ORDER BY phrase.
Thanks.
Comments (2)
Check out the MySQLi prepared statements class:
From the PHP manual.
I feel it's a much superior way of doing parameterized queries; I've switched over to prepared statements when possible, especially during bulk inserts/selects.
Xorlev's answer is entirely correct. There are other options for syntax too. You can specify the bind variables within the query by name:

Or if you want to do things shorthand and skip the call to bindParam():
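As an added example, not code from the question or either answer: the learner's query rewritten with PDO, showing the named-placeholder form and the shorthand of passing the values to execute() (the mysql_* functions used in the question were removed in PHP 7). Since a column name cannot be bound as a parameter, the ORDER BY key is mapped through a fixed allow-list instead of being interpolated. The credentials defined by db_login.php, the integer type of $schcode and the allow-list entries are assumptions.

```php
<?php
// Added example; db_login.php is assumed to define $dsn, $db_user, $db_pass and $schcode.
include_once 'db_login.php';

// A placeholder in ORDER BY would be sent as a string literal, so the sort would
// silently do nothing. Map the requested sort key onto a fixed allow-list
// (entries assumed) and fall back to a safe default for anything unknown.
$allowed_sort = [
    'grade'     => 'grade',
    'last_name' => 'last_name',
    'since'     => 'mon_init',
];
$cGrade  = 'grade';                                  // value from the question
$orderBy = $allowed_sort[$cGrade] ?? 'last_name';

$pdo = new PDO($dsn, $db_user, $db_pass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,             // real server-side prepares
]);

// Only the value (schcode) is a placeholder; the ORDER BY column comes from the allow-list.
$sql = "SELECT last_name, first_name, grade AS gr, ethnic AS eth, sex,
               student_id AS id_num, reason, mon_init AS since
        FROM t_tims0809
        WHERE tag <> '' AND tag IS NOT NULL AND schcode = :schcode
        ORDER BY $orderBy";

$stmt = $pdo->prepare($sql);

// Form 1: bind the named placeholder explicitly ($schcode assumed to be an integer).
$stmt->bindValue(':schcode', $schcode, PDO::PARAM_INT);
$stmt->execute();

// Form 2: the shorthand from the second answer, skipping bindParam()/bindValue()
// and handing the values straight to execute().
$stmt->execute([':schcode' => $schcode]);

foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
    printf("%s, %s (grade %s)\n", $row['last_name'], $row['first_name'], $row['gr']);
}
```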