PDO: Passing extra parameters to a prepared statement than needed


Problem description

Can you send more parameters to a prepared statement with PDO than it needs, without undesirable side effects?

That might seem like a strange question but I ask because I have 4 queries in a row which all use similar and different parameters. The relevant parts of the queries:

1st (select, different table to others):
WHERE threadID = :tid

2nd (select):
WHERE user_ID = :u_ID AND thread_ID = :tid

3rd (update if 2nd was successful):
SET time = :current_time WHERE user_ID = :u_ID AND thread_ID = :tid

4th (insert if 2nd was unsuccessful):
VALUES (:u_ID, :tid, :current_time)

Can I declare one array with the three parameters at the beginning and use it for all 4 queries?

To sort out any confusion, the queries would be executed separately. It is the parameters variable being reused and so that would mean some queries would receive parameters they don't need. So something like:

$parameters = array(':tid' => $tid, ':u_ID' => $u_ID, ':current_time' => $time);

// PHP variable names cannot start with a digit ($1st is a parse error),
// so the statements are named $first ... $fourth here.
$first = $db->prepare($query1);
$first->execute($parameters);

$second = $db->prepare($query2);
$second->execute($parameters);

$third = $db->prepare($query3);
$third->execute($parameters);

$fourth = $db->prepare($query4);
$fourth->execute($parameters);

If I can, should I? Will this slow down or cause security flaws to my database or scripts?

If I can make this question a bit clearer, please ask.

Thanks!

Recommended answer

I got a chance to test my question, and the answer is you cannot send more parameters than the query uses. You get the following error:

PDOException Object
(
    [message:protected] => SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
    [string:Exception:private] => 
    [code:protected] => HY093
    [file:protected] => C:\Destination\to\file.php
    [line:protected] => line number
    [trace:Exception:private] => Array
        (
            [0] => Array
                (
                    [file] => C:\Destination\to\file.php
                    [line] => line number
                    [function] => execute
                    [class] => PDOStatement
                    [type] => ->
                    [args] => Array
                        (
                            [0] => Array
                                (
                                    [:u_ID] => 1
                                    [:tid] => 1
                                    [:current_time] => 1353524522
                                )

                        )

                )

            [1] => Array
                (
                    [file] => C:\Destination\to\file.php
                    [line] => line number
                    [function] => function name
                    [class] => class name
                    [type] => ->
                    [args] => Array
                        (
                            [0] => SELECT
                                                column
                                            FROM
                                                table
                                            WHERE
                                                user_ID  = :u_ID AND
                                                thread_ID = :tid
                            [1] => Array
                                (
                                    [:u_ID] => 1
                                    [:tid] => 1
                                    [:current_time] => 1353524522
                                )

                        )

                )

        )

    [previous:Exception:private] => 
    [errorInfo] => Array
        (
            [0] => HY093
            [1] => 0
        )

)

I don't know a huge amount about PDO, hence my question, but I think that because :current_time is sent but not used and the error message is "Invalid parameter number: parameter was not defined" you cannot send extra parameters which are not used.

Additionally the error code HY093 is generated. Now I can't seem to find any documentation explaining PDO codes anywhere, however I came across the following two links specifically about HY093:
What is PDO Error HY093
SQLSTATE[HY093]

It seems HY093 is generated when you incorrectly bind parameters. This must be happening here because I am binding too many parameters.
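The following is an added example, not code from the question or the answer above. It reproduces the failure the answer describes (a parameter array containing a placeholder the statement does not use) and then shows one way to keep a single shared array for the select / update-or-insert flow from the question: trim it to each query's own placeholders before calling execute(). It runs against an in-memory SQLite database so it works offline; the helper paramsFor(), the table name thread_views and its columns are constructed for this example. Note that the exact SQLSTATE and message are driver-dependent: MySQL reports HY093 as shown in the answer, while SQLite reports the same mismatch with a different code and message, so the example catches PDOException rather than matching on the text.

```php
<?php
// Added example, not code from the question or the answer above.
// (1) PDOStatement::execute() rejects a parameter array that contains
//     placeholders the statement does not use.
// (2) One way to keep a single shared array anyway: trim it to each
//     query's own placeholders before executing.
// Uses an in-memory SQLite database so it runs offline; the table
// thread_views and its columns are constructed for this example.
declare(strict_types=1);

/**
 * Return the subset of $params that $sql actually references.
 *
 * The regex runs over your own SQL template, never over user input,
 * and it can only drop entries, so it does not weaken parameter
 * binding. Keys may be given as ':tid' or 'tid', as PDO allows.
 *
 * @param array<string, mixed> $params
 * @return array<string, mixed>
 */
function paramsFor(string $sql, array $params): array
{
    // A named placeholder is ':' + identifier, not preceded by ':' or a
    // word character (so '::' casts and 'a:b' do not match).
    preg_match_all('/(?<![:\w]):([A-Za-z_]\w*)/', $sql, $m);
    $subset = [];
    foreach ($m[1] as $name) {
        if (array_key_exists(':' . $name, $params)) {
            $subset[':' . $name] = $params[':' . $name];
        } elseif (array_key_exists($name, $params)) {
            $subset[$name] = $params[$name];
        } else {
            throw new InvalidArgumentException("No value supplied for :$name");
        }
    }
    return $subset;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE thread_views (
    user_ID   INTEGER NOT NULL,
    thread_ID INTEGER NOT NULL,
    time      INTEGER NOT NULL,
    UNIQUE (user_ID, thread_ID)
)');

$tid  = 1;
$u_ID = 7;
$time = time();
$parameters = [':tid' => $tid, ':u_ID' => $u_ID, ':current_time' => $time];

$select = 'SELECT time FROM thread_views WHERE user_ID = :u_ID AND thread_ID = :tid';
$update = 'UPDATE thread_views SET time = :current_time WHERE user_ID = :u_ID AND thread_ID = :tid';
$insert = 'INSERT INTO thread_views (user_ID, thread_ID, time) VALUES (:u_ID, :tid, :current_time)';

// 1. Passing the full array to a query with fewer placeholders fails.
//    The SQLSTATE and message depend on the driver (HY093 on MySQL, as
//    in the answer; SQLite words it differently), so catch the
//    exception rather than matching on the text.
try {
    $db->prepare($select)->execute($parameters);
    echo "unexpected: extra parameter was accepted\n";
} catch (PDOException $e) {
    echo 'extra parameter rejected: ' . $e->getMessage() . "\n";
}

// 2. The same select / update-or-insert flow with per-query subsets,
//    inside one transaction so the check and the write stay together.
$db->beginTransaction();
$stmt = $db->prepare($select);
$stmt->execute(paramsFor($select, $parameters));
$existing = $stmt->fetchColumn();

if ($existing !== false) {
    $db->prepare($update)->execute(paramsFor($update, $parameters));
} else {
    $db->prepare($insert)->execute(paramsFor($insert, $parameters));
}
$db->commit();

$stmt = $db->prepare($select);
$stmt->execute(paramsFor($select, $parameters));
echo 'stored time: ' . $stmt->fetchColumn() . "\n";
```

Two practical notes. Trimming the array is a convenience, not a security control: the values are still bound as parameters either way, and the filter only ever removes entries, so it cannot smuggle anything into the SQL. Separately, the select-then-insert pattern from the question is a check-then-act race: two concurrent requests for the same user and thread can both see no row and both try to insert. The UNIQUE constraint above turns that into a clean failure rather than a duplicate row; where the database offers a native upsert (for example INSERT ... ON DUPLICATE KEY UPDATE on MySQL) a single statement is the simpler fix.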
