PDO:将MySQL函数传递给bindValue/bindParam [英] PDO: Pass a MySQL function to bindValue/bindParam
问题描述
是否可以使用bindValue()
插入MySQL函数?我下面的代码只是输出为字符串'NOW()'
而不是函数NOW()
(不带引号).
Is it possible to insert MySQL functions using bindValue()
? My code below just gets outputted as the string 'NOW()'
instead of the function NOW()
(without quotes).
$sthandler->bindValue(1, 'NOW()');
推荐答案
否.查询参数仅替换单个常数值.例如,数字常量或文字字符串或日期.
No. A query parameter substitutes only for a single constant value. For example, a numeric constant or literal string or date.
在解析时,列名,表名,SQL关键字,函数,表达式等所有内容都必须在SQL字符串中.
Anything else -- column names, table names, SQL keywords, functions, expressions -- must be in the SQL string at parse time.
发表您的评论
您应该理解,参数不是 ,只是将额外的字符串插值到SQL中的一种方便. PREPARE类似于Java或C#的编译阶段,而EXECUTE类似于运行已编译的代码.
You should understand that parameters are not just a convenience to interpolate extra strings into your SQL. PREPARE is analogous to a compile phase for Java or C#, whereas EXECUTE is analogous to running the compiled code.
准备时间是RDBMS进行语法检查以及对引用进行验证的时间.如果您命名一个不存在的表或调用一个不存在的函数,则必须给出一个错误.
Prepare time is when the RDBMS does syntax checking, and also validation of references. It must give an error if you name a table that doesn't exist, or invoke a function that doesn't exist.
您不能将表名或函数调用作为参数传递,因为RDBMS无法在准备时验证这些引用.您不应该使用查询参数来更改语句的语法,或引入无效的表或函数.
You can't pass table names or function calls as parameters because then the RDBMS wouldn't be able to validate those references at prepare time. You shouldn't be able to use a query parameter to change the syntax of the statement, or introduce invalid tables or functions.
因此,参数占位符必须是一个不可约的语法元素,该语法元素绝不能是无效的引用,即单个文字值-数字或字符串.
So the parameter placeholder must be an irreducible syntactic element that is never an invalid reference, i.e. a single literal value -- a number or a string.
这篇关于PDO:将MySQL函数传递给bindValue/bindParam的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!