如何将pdo的Prepared语句用于order by和limit子句? [英] How do I use pdo's prepared statement for order by and limit clauses?

问题描述

我想使用一条准备好的语句，其中传入的参数用于ORDER BY和LIMIT子句，就像这样:

I want to use a prepared statement in which the passed-in parameters are for the ORDER BY and LIMIT clauses, like so:

$sql = 'SELECT * FROM table ORDER BY :sort :dir LIMIT :start, :results';
$stmt = $dbh->prepare($sql);
$stmt->execute(array(
     'sort'  => $_GET['sort'], 
     'dir'  => $_GET['dir'], 
     'start'  => $_GET['start'],
     'results' => $_GET['results'],
     )
    );

但是$stmt->fetchAll(PDO::FETCH_ASSOC);不返回任何内容.

有人可以指出我在做什么错吗?能做到吗如果没有，我应该参考什么可使用参数的子句的完整列表?

Can someone point out what's the wrong thing I am doing? Can it be done? If not,what should I reference for a complete list of clauses where parameters can be used?

推荐答案

使用后:

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

我收到消息:

未捕获的异常"PDOException"，带有 消息"SQLSTATE [42000]:语法错误 或访问冲突:1064您有一个 您的SQL语法错误；检查 对应于您的MySQL的手册 正确语法的服务器版本 在第1行的"0"，"10"附近使用

Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0', '10'' at line 1

因此，当您使用数组执行时，它将输入视为字符串，这对于LIMIT而言不是一个好主意

So, when you use an array for execute, it consider your inputs as string which is not a good idea for LIMIT

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT * FROM table ORDER BY :sort :dir LIMIT :start, :results";
$stmt = $dbh->prepare($sql);
$stmt->bindParam(':start', $_GET['start'], PDO::PARAM_INT);
$stmt->bindParam(':results', $_GET['results'], PDO::PARAM_INT);
$stmt->bindParam(':sort', $_GET['sort']);
$stmt->bindParam(':dir', $_GET['dir']);
$stmt->execute();

$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
print_r($data);

这篇关于如何将pdo的Prepared语句用于order by和limit子句?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！