PHP \ MYSQL预备语句 [英] PHP\MYSQL prepared statements
问题描述
我是mysql和php的新手,想澄清准备语句中的内容.
I'm new to mysql and php and wanted to clarify something on prepared-statements.
我所看到的所有示例都只为表中的实际数据添加了参数,对所有字段进行参数化以减少语句数量是否是一种不好的做法?例如
All the examples I've seen only add params for the actual data in the table, is it bad practice to paramaterise all the fields so there are less statements? e.g.
UPDATE ? SET ?=? WHERE ID=?
谢谢
推荐答案
您不能参数化标识符.您只能参数化 data .否则,参数化的要点,即语句结构和 data 之间的分离是没有意义的.理解参数化不仅仅是花哨的复制和粘贴,它是一种确保数据库在 static 部分(它将从中获取指令)和之间清晰区分的技术.动态部分(将其视为数据和仅数据).
You cannot parameterize identifiers. You can only parameterize data. Otherwise the main point of parameterization, the separation between statement structure and data, is pretty moot. Understand that parameterization is not just fancy copy-and-paste, it's a technique to make sure the database has a clear separation between the static parts (which it will take its instructions from) and the dynamic parts (which it will treat as data and data only).
我个人并不真正理解为什么每个人都试图尽量减少SQL并且不想编写任何内容.在实际的应用程序中,应用程序将发送到数据库的个定义的,有限的个SQL查询.将有一个查询以用户名查找用户,一个查询以计算bar表中的foo数量,等等.等等.写这些查询一次,很方便.在某处具有方法findUserByName(),该方法包含查询以按SQL写出的名称查找用户.您无需将每个查询动态地拼凑在一起,只需要编写一次即可.这也为您提供了所有可能的数据库交互的良好清单",并允许在必要时进行手动操作. </rant>
Personally I don't really understand why everyone tries to minimize SQL as much as possible and doesn't want to write any. In a real world application there are a defined, finite number of SQL queries that an application will send to the database. There's going to be one query to find a user by username, one to calculate the number of foos in the bar table etc. etc. Write those queries once, long-hand. Have a method findUserByName() somewhere which contains the query to find a user by name written out in SQL. You don't need to dynamically cobble together every single query, you just need to write it once. That also gives you a good "inventory" of all the possible database interaction and allows hand-tweaking where necessary. </rant>
因此,和都不可能被误导.
So, it's both not possible and misguided.
这篇关于PHP \ MYSQL预备语句的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
