PHP PDO bindValue() 不起作用
<?php
try
{
$db = new PDO("mysql:host=localhost;dbname=DBNAME", "USER", "PASSWD");
$stmt = $db->prepare("SELECT id, name FROM testdb ORDER BY time DESC LIMIT :index, 10");
$stmt->bindValue(":index", $_GET['index'], PDO::PARAM_INT);
$stmt->execute();
while( $r = $stmt->fetch(PDO::FETCH_ASSOC) )
{
echo var_dump($r);
}
}
catch( PDOException $e )
{
die("Exception");
}
问题出在这一行: $stmt->bindValue(":index", $_GET['index'], PDO::PARAM_INT);
而具体参数是第二个。
上面的代码不起作用,它不返回任何内容,因此 while 循环不被执行。如果我将 $_GET['index'] 替换为数字(例如 10),它就可以正常工作,它会返回 10 行。回显 $_GET['index'] 显示一个数字,因此它应该传递一个数字。我也尝试过bindParam,但结果是一样的。
为什么这不起作用?
编辑:
有趣...如果我用 (int)$_GET['index'] 替换 $_GET['index'] 它就可以工作。
<?php
try
{
$db = new PDO("mysql:host=localhost;dbname=DBNAME", "USER", "PASSWD");
$stmt = $db->prepare("SELECT id, name FROM testdb ORDER BY time DESC LIMIT :index, 10");
$stmt->bindValue(":index", $_GET['index'], PDO::PARAM_INT);
$stmt->execute();
while( $r = $stmt->fetch(PDO::FETCH_ASSOC) )
{
echo var_dump($r);
}
}
catch( PDOException $e )
{
die("Exception");
}
The problem is on this line: $stmt->bindValue(":index", $_GET['index'], PDO::PARAM_INT);
And the specific parameter is the second one.
The code as it is above doesn't work, it doesn't return anything so the while loop isn't executed. If I replace $_GET['index'] with a number, like 10, it works just fine, it returns 10 rows. Echoing $_GET['index'] displays a number, so it should pass a number. I've also tried bindParam, but the result is same.
Why isn't this working?
EDIT:
Interesting... If I replace $_GET['index'] with (int)$_GET['index'] it works.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如果你检查 $stmt->errorInfo() 你实际上会发现你的查询失败了。
PDO::PARAM_INT 告诉 PDO 您正在给它一个整数。如果您没有给 PDO 一个整数,PDO 将引用 sql 字符串中的值。
$_GET 中的所有值都是数组或字符串。您通过在将 $_GET['index'] 绑定为值之前将其强制为整数来完成正确的操作。通过这样做,PDO 获取一个整数,并期望来自 PDO::PARAM_INT 的整数,因此不会引用 sql 字符串中的值。
If you check $stmt->errorInfo() you will actually find that your query failed.
PDO::PARAM_INT tells PDO that you are giving it an integer. If you do not give PDO an integer, PDO will quote the value in the sql string.
All values in $_GET are either an array or a string. You did the correct thing by coercing $_GET['index'] to an integer before binding it as a value. By doing this, PDO gets an integer, was expecting an integer from PDO::PARAM_INT, and therefore will not quote the value in the sql string.
$_GET超级全局数组中的值是字符串:PHP 不会猜测查询字符串中传递的内容。如果您希望将
$_GET中的一个值视为整数(这正是您想要的),您需要自己将其转换为整数。为此,您可以使用:
类型转换:(int)$_GET['yourval']intval()函数,允许指定要使用的基数Values in the
$_GETsuper-global array are strings : PHP doesn't guess what's passed iin the querystring.If you want one value from
$_GETto be considered as an integer -- which is what you want, here -- you'll need to convert it to an integer yourself.In order to do that, you can use :
typecast:(int)$_GET['yourval']intval()function, which allows one to specific the base that's to be used听起来 $_GET['index'] 不是您期望的那样。使用 var_dump() 更仔细地检查值。注意 var_dump 报告的字符串长度,因为有些字符肉眼无法察觉,但字符串的长度会讲述隐藏的故事。
Sounds like $_GET['index'] is not what you expect it to be. Use var_dump() to inspect the value closer. Pay attention to the length of the string that var_dump reports, because some characters are not visually detectable, but the length of the string will tell the hidden story.