PDO query method with bindValue() seems not to be working


Question

It never works. And when I do a var dump on the SQL query I see that the question marks are still in it. Which means that the values have not been bound, right?

I don't understand why it's not binding the values.

Can you help me?

PHP

$ruleValue = "value1";
$input = "value2";
$inputValue = "value3";

$this->_db->query('SELECT * FROM ? WHERE ? = ?', array($ruleValue, $input, $inputValue));

Method

public function query($sql, $params = array()) {
    $this->_error = false;

    if($this->_query = $this->_pdo->prepare($sql)) {
        $x = 1;
        if(count($params)) {
            foreach($params as $param) {
                $this->_query->bindValue($x, $param);
                $x++;
            }
        }

        if($this->_query->execute()) {
            $this->_results = $this->_query->fetchAll(PDO::FETCH_OBJ);
            $this->_count = $this->_query->rowCount();
        } else {
            $this->_error = true;
        }
        var_dump($this->_query);
    }

    return $this;
}

var_dump

object(PDOStatement)#5 (1) { ["queryString"]=> string(27) "SELECT * FROM ? WHERE ? = ?" }


Recommended answer

Your code:

$ruleValue = "value1";
$input = "value2";
$inputValue = "value3";

$this->_db->query('SELECT * FROM ? WHERE ? = ?', array($ruleValue, $input, $inputValue));

4 lines
insecure
saves state -> a HUGE pitfall you dug for yourself
never works

Regular PDO

$stmt = $this->db->prepare('SELECT * FROM value1 WHERE value2 = ?');
$stmt->execute([$value3]);
$results = $stmt->fetchAll();

3 lines
secure
stateless
works

Conclusion: GET RID of this malicious function and use raw PDO
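
An added example, not part of the original answer: placeholders in a prepared statement bind values only, so a table or column name has to be checked against a fixed allow-list before it is placed in the SQL text. The `users` schema, the `ALLOWED` list and the `findBy()` helper are assumptions made for illustration, run here against in-memory SQLite.

```php
<?php
// Constructed schema and data; in-memory SQLite so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (username, email) VALUES ('alice', 'alice@example.test')");

// Hypothetical allow-list: the only tables and columns a caller may name.
const ALLOWED = ['users' => ['id', 'username', 'email']];

// Hypothetical helper: identifiers are validated, the value is bound.
function findBy(PDO $pdo, string $table, string $column, $value): array
{
    // Identifiers cannot be bound, so they must match the allow-list exactly.
    if (!array_key_exists($table, ALLOWED)
        || !in_array($column, ALLOWED[$table], true)) {
        throw new InvalidArgumentException('Unknown table or column');
    }
    // Only the value goes through a placeholder.
    $stmt = $pdo->prepare("SELECT * FROM \"$table\" WHERE \"$column\" = ?");
    $stmt->execute([$value]);
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

// Normal lookup: table and column are on the list, the value is bound.
$rows = findBy($pdo, 'users', 'username', 'alice');
echo count($rows), ' row(s), email: ', $rows[0]->email, PHP_EOL;

// A value containing SQL syntax is compared as plain data.
$rows = findBy($pdo, 'users', 'username', "alice' OR '1'='1");
echo count($rows), ' row(s) for the quoted value', PHP_EOL;

// An identifier outside the allow-list is rejected before any SQL is built.
try {
    findBy($pdo, 'users_backup', 'username', 'alice');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```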
