How is my PDO binding still messing up my query?

Problem description

Below is a function designed to handle a search scenario for a custom class.

I've already tripped over the fact that PDO defaults to binding parameters as strings, causing an integer->string conversion even if it's not appropriate. As you'll see, I corrected that by manually checking if the type is integer and then forcing the use of int in those cases. Problem is, my solution only works for a 'start' value of 0 -- anything higher errors out, and I don't know why. If I manually set the start/count values to their appropriate values (i.e. instead of :count I use {$count}), everything works fine, so it looks like the binding is still messing up.

How? Or if I'm wrong... what is right?

    /*Query is:  
    SELECT tutor_school.id 
    FROM tutor_school, tutor_states 
    WHERE tutor_states.stateName=:state AND tutor_states.id=tutor_school.state 
    GROUP BY tutor_school.id order by tutor_school.name asc 
    LIMIT :start, :count*/

    $db = Database::get_user_db();
    $statement = $db->prepare($query);
    foreach ($executeArray as $key => $value)
    {
        if (getType($value) == 'integer')
        {
            $statement->bindParam($key, $executeArray[$key], PDO::PARAM_INT);
        }
        else
        {
            $statement->bindParam($key, $value);
        }
    }
    var_dump($executeArray);//count and start are still ints
    if ($statement->execute())
    {
        var_dump($executeArray);//start and count are now strings
        var_dump($statement->errorInfo());
        var_dump($query);
        $values = $statement->fetchAll();
        $return = array();
        foreach ($values as $row)
        {
            $school = School::schoolWithId($row[0]);
            if (!empty($school))
            {
                $return[] = $school;
            }
        }
        return $return;
    }

Recommended answer

Metadata (such as the LIMIT arguments) can't be parametrized. You will have to use (properly sanitized) interpolation instead.
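
The sanitized interpolation the answer refers to, as an added example that is not part of the original question or answer. `limitClause()` and `schoolIds()` are hypothetical helper names, and an in-memory SQLite database with constructed rows stands in for the real one so the snippet runs offline.

```php
<?php
// Added example: validate the LIMIT arguments as integers, interpolate them,
// and keep binding the data value (:state) as an ordinary parameter.
// limitClause(), schoolIds() and the sample tables are constructed for this demo.

function limitClause($start, $count, int $maxCount = 100): string
{
    // FILTER_VALIDATE_INT rejects "1; DROP TABLE x", "1e3", "1.5" and null.
    $start = filter_var($start, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $count = filter_var($count, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $maxCount]]);
    if ($start === false || $count === false) {
        throw new InvalidArgumentException('start/count must be integers in range');
    }
    return sprintf('LIMIT %d, %d', $start, $count);
}

function schoolIds(PDO $db, string $state, $start, $count): array
{
    $query = 'SELECT tutor_school.id
              FROM tutor_school, tutor_states
              WHERE tutor_states.stateName = :state
                AND tutor_states.id = tutor_school.state
              GROUP BY tutor_school.id
              ORDER BY tutor_school.name ASC '
           . limitClause($start, $count);   // only validated integers reach the SQL text
    $statement = $db->prepare($query);
    $statement->bindValue(':state', $state, PDO::PARAM_STR);
    $statement->execute();
    return $statement->fetchAll(PDO::FETCH_COLUMN, 0);
}

// Constructed sample data (SQLite is an assumption made so the demo is self-contained).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tutor_states (id INTEGER PRIMARY KEY, stateName TEXT)');
$db->exec('CREATE TABLE tutor_school (id INTEGER PRIMARY KEY, name TEXT, state INTEGER)');
$db->exec("INSERT INTO tutor_states VALUES (1, 'Ohio')");
$db->exec("INSERT INTO tutor_school VALUES (10, 'Alpha', 1), (11, 'Beta', 1), (12, 'Gamma', 1)");

var_dump(schoolIds($db, 'Ohio', 1, 2));   // start = 1, count = 2
try {
    schoolIds($db, 'Ohio', '1; DROP TABLE tutor_school', 2);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The upper bound on `count` also keeps a caller from requesting an arbitrarily large page.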
