PDO占位符的有效字符 [英] PDO valid characters for placeholders
问题描述
在具有PDO的PHP中,我们限制使用哪些字符.我尝试过在文档中和在线查找,但无济于事.
In PHP with PDO, what characters are we limited to using. I've tried looking in the documentation and online but to no avail.
我确实找到了一条帖子,其中用户使用了连字符来破坏查询.我正在编写一个可以动态生成这些名称的函数,并且由于连字符不是,所以我想知道是否有替代列表.
I did find a post where a user had used a hypen in the name which broke the query. I'm writing a function that dynamically generates these names and since hyphens are no nos, I was wondering if there was a list of alternatives.
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
那么在此示例中,字符串':colour'中将允许哪些字符?
So in this example what characters would be allowed in the string ':colour'?
推荐答案
最简单的查找方法是仅检查源代码:
https://github.com/php/php -src/blob/master/ext/pdo/pdo_sql_parser.re#L49 :
The easiest way to find out, is to just check the source code:
https://github.com/php/php-src/blob/master/ext/pdo/pdo_sql_parser.re#L49:
BINDCHR = [:][a-zA-Z0-9_]+;
您可以使用字母数字+下划线.
You can use alphanumeric + underscore.
这篇关于PDO占位符的有效字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!