PDO: Pass a MySQL function to bindValue/bindParam


Question

Is it possible to insert MySQL functions using bindValue()? My code below just gets outputted as the string 'NOW()' instead of the function NOW() (without quotes).

$sthandler->bindValue(1, 'NOW()');

Recommended answer

No. A query parameter substitutes only for a single constant value. For example, a numeric constant or literal string or date.

Anything else -- column names, table names, SQL keywords, functions, expressions -- must be in the SQL string at parse time.

Re your comment:

You should understand that parameters are not just a convenience to interpolate extra strings into your SQL. PREPARE is analogous to a compile phase for Java or C#, whereas EXECUTE is analogous to running the compiled code.

Prepare time is when the RDBMS does syntax checking, and also validation of references. It must give an error if you name a table that doesn't exist, or invoke a function that doesn't exist.

You can't pass table names or function calls as parameters because then the RDBMS wouldn't be able to validate those references at prepare time. You shouldn't be able to use a query parameter to change the syntax of the statement, or introduce invalid tables or functions.

So the parameter placeholder must be an irreducible syntactic element that is never an invalid reference, i.e. a single literal value -- a number or a string.
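
The rule from the answer above, as an added example that is not part of the original post: a bound function name is stored as a plain string, the function belongs in the SQL text, and when the expression has to vary it is selected from a fixed allowlist and never taken from input. It assumes the pdo_sqlite driver and an in-memory SQLite database so that it runs offline; the `events` table, `TIMESTAMP_EXPRESSIONS` and `insertEvent()` are hypothetical names, and `CURRENT_TIMESTAMP` is used because it is valid in both SQLite and MySQL (where it is a synonym for `NOW()`).

```php
<?php
// Added example. Assumption: pdo_sqlite is available; the table and helper
// names below are hypothetical and exist only for this demonstration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (name TEXT, created_at TEXT)');

// 1. Binding the function name: it is sent as data, so the column
//    receives the literal text, not the result of the function.
$stmt = $pdo->prepare('INSERT INTO events (name, created_at) VALUES (?, ?)');
$stmt->bindValue(1, 'bound');
$stmt->bindValue(2, 'CURRENT_TIMESTAMP');
$stmt->execute();

// 2. The function is part of the SQL text; only the data value is bound.
$stmt = $pdo->prepare('INSERT INTO events (name, created_at) VALUES (?, CURRENT_TIMESTAMP)');
$stmt->bindValue(1, 'inline');
$stmt->execute();

// 3. When the expression must vary, map a caller-supplied key to a fixed
//    SQL fragment. The caller's string itself never reaches the SQL text.
const TIMESTAMP_EXPRESSIONS = [
    'now'   => 'CURRENT_TIMESTAMP',
    'today' => 'CURRENT_DATE',
];

function insertEvent(PDO $pdo, string $name, string $when): void
{
    if (!array_key_exists($when, TIMESTAMP_EXPRESSIONS)) {
        throw new InvalidArgumentException("unsupported timestamp expression: $when");
    }
    $sql = 'INSERT INTO events (name, created_at) VALUES (?, '
         . TIMESTAMP_EXPRESSIONS[$when] . ')';
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(1, $name);
    $stmt->execute();
}

insertEvent($pdo, 'allowlisted', 'today');
try {
    insertEvent($pdo, 'rejected', 'UUID()'); // not on the allowlist
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Show what each approach actually stored.
foreach ($pdo->query('SELECT name, created_at FROM events') as $row) {
    printf("%-12s %s\n", $row['name'], $row['created_at']);
}
```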
