如何将pdo的Prepared语句用于order by和limit子句? [英] How do I use pdo's prepared statement for order by and limit clauses?
问题描述
我想使用一条准备好的语句,其中传入的参数用于ORDER BY
和LIMIT
子句,就像这样:
I want to use a prepared statement in which the passed-in parameters are for the ORDER BY
and LIMIT
clauses, like so:
$sql = 'SELECT * FROM table ORDER BY :sort :dir LIMIT :start, :results';
$stmt = $dbh->prepare($sql);
$stmt->execute(array(
'sort' => $_GET['sort'],
'dir' => $_GET['dir'],
'start' => $_GET['start'],
'results' => $_GET['results'],
)
);
但是$stmt->fetchAll(PDO::FETCH_ASSOC);
不返回任何内容.
有人可以指出我在做什么错吗?能做到吗如果没有,我应该参考什么可使用参数的子句的完整列表?
Can someone point out what's the wrong thing I am doing? Can it be done? If not,what should I reference for a complete list of clauses where parameters can be used?
推荐答案
使用后:
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
我收到消息:
未捕获的异常"PDOException",带有 消息"SQLSTATE [42000]:语法错误 或访问冲突:1064您有一个 您的SQL语法错误;检查 对应于您的MySQL的手册 正确语法的服务器版本 在第1行的"0","10"附近使用
Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0', '10'' at line 1
因此,当您使用数组执行时,它将输入视为字符串,这对于LIMIT而言不是一个好主意
So, when you use an array for execute, it consider your inputs as string which is not a good idea for LIMIT
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT * FROM table ORDER BY :sort :dir LIMIT :start, :results";
$stmt = $dbh->prepare($sql);
$stmt->bindParam(':start', $_GET['start'], PDO::PARAM_INT);
$stmt->bindParam(':results', $_GET['results'], PDO::PARAM_INT);
$stmt->bindParam(':sort', $_GET['sort']);
$stmt->bindParam(':dir', $_GET['dir']);
$stmt->execute();
$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
print_r($data);
这篇关于如何将pdo的Prepared语句用于order by和limit子句?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!