使用PDO语句更新 [英] Update using PDO statement

问题描述

我仍然对PDO语句有所了解，但是下面的代码并没有达到我的预期

I am still getting my head around a PDO statement but the code below does not do what I assumed it would

  $temp = "6c ";    
  $weather_report = "Its currently $temp " ; 

  $qry = $pdo->exec("UPDATE data_weather SET text= '$weather_report' WHERE period='report' ");

这确实更新了我的数据库，但仅使用了当前"，并且temp值丢失了，

This does update my database but only with 'Its currently' and the temp value is missing ,

阅读一些文章后，我相信我需要使用引号，但是我不确定如何实现它?

After reading some articles I believe I need to use quote but I am not sure how to implement it ?

有什么帮助吗?

推荐答案

请使用查询参数，而不要将变量插值到SQL字符串中.
更安全，更快，更容易.

Please use query parameters instead of interpolating variables into SQL strings.
It's safer, faster, and easier.

$temp = "6c ";    
$weather_report = "It's currently $temp " ; 

$sql = "UPDATE data_weather SET text= ? WHERE period='report'";
$stmt = $pdo->prepare($sql);
$stmt->execute(array($weather_report));

请注意，您不需要引用字符串.实际上，您绝不能在?占位符两边加上引号.您可以在天气报告字符串中安全地使用撇号.

Note that you don't need to quote the string. In fact, you must not put quotes around the ? placeholder. You can use apostrophes inside your weather report string safely.

您可以在通常在SQL表达式中放置单个标量值的任何位置使用参数占位符.例如.代替带引号的字符串，带引号的日期或数字文字.但不适用于表名或列名，值列表或SQL关键字.

You can use a parameter placeholder any place you would normally put a single scalar value in an SQL expression. E.g. in place of a quoted string, quoted date, or numeric literal. But not for table names or column names, or for lists of values, or SQL keywords.

这篇关于使用PDO语句更新的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！