在MySQLi中选择* FROM [英] SELECT * FROM in MySQLi
问题描述
我的网站范围很广,最近我刚改用PHP5(称我为后期爱好者).
My site is rather extensive, and I just recently made the switch to PHP5 (call me a late bloomer).
我之前所有的MySQL查询都是这样构建的:
All of my MySQL query's before were built as such:
"SELECT * FROM tablename WHERE field1 = 'value' && field2 = 'value2'";
这使它变得非常容易,简单和友好.
This made it very easy, simple and friendly.
出于明显的安全性原因,我现在正尝试切换到mysqli,并且在bind_param
需要特定参数时,我很难弄清楚如何实现相同的SELECT * FROM
查询.
I am now trying to make the switch to mysqli for obvious security reasons, and I am having a hard time figuring out how to implement the same SELECT * FROM
queries when the bind_param
requires specific arguments.
此声明是否已成为过去?
Is this statement a thing of the past?
如果是,该如何处理涉及大量列的查询?我真的需要每次都把它们全部打出来吗?
If it is, how do I handle a query with tons of columns involved? Do I really need to type them all out every time?
推荐答案
"SELECT * FROM tablename WHERE field1 = 'value' && field2 = 'value2'";
成为
"SELECT * FROM tablename WHERE field1 = ? && field2 = ?";
传递给$mysqli::prepare
的
:
$stmt = $mysqli->prepare(
"SELECT * FROM tablename WHERE field1 = ? && field2 = ?");
$stmt->bind_param( "ss", $value, $value2);
// "ss' is a format string, each "s" means string
$stmt->execute();
$stmt->bind_result($col1, $col2);
// then fetch and close the statement
OP评论:
因此,如果我有5个参数,则可能会有"sssis"之类的东西(取决于输入的类型?)
so if i have 5 parameters, i could potentially have "sssis" or something (depending on the types of inputs?)
对,在prepared语句中每个?
参数有一个类型说明符,它们都在位置(第一个说明符适用于第一个?
,并由第一个实际参数(它是bind_param
的第二个参数)替换)
Right, one type specifier per ?
parameter in the prepared statement, all of them positional (first specifier applies to first ?
which is replaced by first actual parameter (which is the second parameter to bind_param
)).
mysqli将负责转义和引用(我认为).
mysqli will take care of escaping and quoting (I think).
这篇关于在MySQLi中选择* FROM的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!