如何在SELECT查询PDO中使用数组/内爆 [英] How use an array/implode in the SELECT query PDO
问题描述
$userdata['anything']的选项.看到代码:$session_user_id = $_SESSION['user_id'];
$user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name'); }
和
function user_data($user_id){
$pdo = new PDO("mysql:host=localhost;dbname=MYDATABASE;", "MYUSERNAME", "MYPASSWORD");
$data = array();
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
$fields = '`' . implode(', ', $func_get_args) . '`';
echo $fields;
$stmt = $pdo->prepare("SELECT :fields FROM `users` WHERE `user_id` = :user_id");
$stmt->execute(array(':user_id' => $user_id, ':fields' => $fields));
$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
print_r($data);
}
}
问题是这不起作用.它返回
Array ( [0] => Array ( [`user_id, username, password, first_name, last_name`] => `user_id, username, password, first_name, last_name` ) )
但是,将:fields替换为例如'username'确实可行.可以使用此爆破吗?
更改:
$stmt = $pdo->prepare("SELECT :fields FROM `users` WHERE `user_id` = :user_id");
收件人:
$stmt = $pdo->prepare("SELECT $fields FROM `users` WHERE `user_id` = :user_id");
并从execute参数数组中删除$ fields.
参数化占位符仅用于值.
更新
这行也是错误的:
$fields = '`' . implode(', ', $func_get_args) . '`';
这会在字段列表之外而不是每个列名之外输出一个`.
尝试像这样删除它们:
$fields = implode(', ', $func_get_args);
i have a function that returns user data from the database. But I want to return only the selected row, for instance username, so i created an array for that, giving the option to echo $userdata['anything']. see the code:
$session_user_id = $_SESSION['user_id'];
$user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name'); }
and
function user_data($user_id){
$pdo = new PDO("mysql:host=localhost;dbname=MYDATABASE;", "MYUSERNAME", "MYPASSWORD");
$data = array();
$user_id = (int)$user_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1) {
unset($func_get_args[0]);
$fields = '`' . implode(', ', $func_get_args) . '`';
echo $fields;
$stmt = $pdo->prepare("SELECT :fields FROM `users` WHERE `user_id` = :user_id");
$stmt->execute(array(':user_id' => $user_id, ':fields' => $fields));
$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
print_r($data);
}
}
The problem is that this doesn't work. It returns
Array ( [0] => Array ( [`user_id, username, password, first_name, last_name`] => `user_id, username, password, first_name, last_name` ) )
However, replacing :fields with for instance 'username' does work. Is it possible to use this implode?
Change:
$stmt = $pdo->prepare("SELECT :fields FROM `users` WHERE `user_id` = :user_id");
to:
$stmt = $pdo->prepare("SELECT $fields FROM `users` WHERE `user_id` = :user_id");
and remove $fields from the execute parameter array.
Parameterized placeholders are only for values.
UPDATE
Also this line is wrong:
$fields = '`' . implode(', ', $func_get_args) . '`';
This will output a ` outside the the field list rather than each column name.
Try removing them like this:
$fields = implode(', ', $func_get_args);
这篇关于如何在SELECT查询PDO中使用数组/内爆的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
