PDO and SQL IN statements


Question

I'm using a sequel for search like this using PDOs

$states = "'SC','SD'";  
$sql = "select * from mytable where states in (:states)";  
$params = array(':states'=>$states); 

I use my function

$result = $this->selectArrayAssoc($sql, $params);

where my selectArrayAssoc function is as follows

public function selectArrayAssoc($sql, $params = array())
{
  try {
     $sth = $this->db->prepare($sql);
     $sth->execute($params);
     $result = $sth->setFetchMode(PDO::FETCH_ASSOC);
     return $sth->fetchAll();
  } catch(PDOException $e) {
     print $e->getMessage();
     //Log this to a file later when in production
     exit;
  }
}

It does not take the quoted variables; I think it is suppressing them. How do I deal with this in such cases?

Recommended answer

When using prepared statement placeholders (parameter binding) in general, each occurrence of a placeholder holds exactly one variable.

You're trying to pass several. What's happening is basically that your parameters are escaped: Your :states is replaced with '''SC'',''SD''' or '\'SC\',\'SD\'' internally, rather than with just the raw 'SC','SD' that you want.
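
One way to apply this, as an added example that is not part of the original question or answer: generate one `?` placeholder per value so that each value is bound separately. The helper name `selectWhereIn`, the in-memory SQLite database and its sample rows are assumptions made for the illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mytable (id INTEGER PRIMARY KEY, states TEXT)");
$db->exec("INSERT INTO mytable (states) VALUES ('SC'), ('SD'), ('NY')");

// As in the question: the whole list is bound as ONE string value, so the
// database compares states against the literal text 'SC','SD' and matches nothing.
$sth = $db->prepare("SELECT * FROM mytable WHERE states IN (:states)");
$sth->execute([':states' => "'SC','SD'"]);
$broken = $sth->fetchAll(PDO::FETCH_ASSOC);

/**
 * Hypothetical helper (not from the original post): run an IN query with
 * one positional placeholder per value. $table and $column must be
 * hard-coded identifiers, never user input, because identifiers cannot be bound.
 */
function selectWhereIn(PDO $db, string $table, string $column, array $values): array
{
    if ($values === []) {
        return []; // "IN ()" is a syntax error; an empty list matches no rows
    }
    // Only "?" characters are concatenated into the SQL text, never the values.
    $placeholders = implode(',', array_fill(0, count($values), '?'));
    $sth = $db->prepare("SELECT * FROM $table WHERE $column IN ($placeholders)");
    $sth->execute(array_values($values)); // re-index so keys are 0..n-1
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

$fixed = selectWhereIn($db, 'mytable', 'states', ['SC', 'SD']);
// A single element containing quotes and a comma is still one bound value.
$quoted = selectWhereIn($db, 'mytable', 'states', ["SC','SD"]);
$empty = selectWhereIn($db, 'mytable', 'states', []);

printf("single bound string: %d row(s)\n", count($broken));
printf("one placeholder per value: %d row(s)\n", count($fixed));
printf("element containing quotes: %d row(s)\n", count($quoted));
printf("empty list: %d row(s)\n", count($empty));
```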
