PHP 使用准备好的语句检查 WHERE 子句中的字符串
我正在尝试为具有准备好的语句的用户插入时间戳。然而,idHash 是一个字符串,它永远不会将该字符串插入到正确的行中。当表中 idHash 为空时,这些行会受到影响。我如何告诉 PHP 我希望将其视为字符串?
function setLastRefresh($idHash)
{
global $dbUser;
global $dbPass;
// check if the user is in any of the other tables or if sb is trying to hack the db
$db = new PDO('mysql:host=localhost;dbname=myDB', $dbUser, $dbPass);
$preparedStatement = $db->prepare("update users set lastRefresh = NOW() WHERE idHash=:idHash");
$preparedStatement->execute(array(':idHash' => $idHash));
$preparedStatement->closeCursor();
return 0;
}
I'm trying to insert a timestamp for a user with prepared statements. However, idHash is a string and it never inserts the string in the correct row. When idHash is empty in the table, these rows are affected. How can I tell PHP that I want this to be treated as a string??
function setLastRefresh($idHash)
{
global $dbUser;
global $dbPass;
// check if the user is in any of the other tables or if sb is trying to hack the db
$db = new PDO('mysql:host=localhost;dbname=myDB', $dbUser, $dbPass);
$preparedStatement = $db->prepare("update users set lastRefresh = NOW() WHERE idHash=:idHash");
$preparedStatement->execute(array(':idHash' => $idHash));
$preparedStatement->closeCursor();
return 0;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以在绑定参数时指定数据类型。您想要使用
PDO::PARAM_STR类型。请参阅http://www.php.net/manual/en/pdostatement.bindparam。 php 为例。您必须稍微更改指定参数和执行的方式。
You can specify the data type when you bind the parameter. You want to use the
PDO::PARAM_STRtype.See http://www.php.net/manual/en/pdostatement.bindparam.php for an example. You'll have to change how you're specifying parameters and executing a little bit.