How to use prepared statements in this query?


Problem description

I'm new to PHP and PDO, and I try to use prepared statements here. After 1 hour of trying around I give up. Or my tutorial was just horribly bad.

This works perfectly without prepared statements:

try {
    $dbh = new PDO('mysql:host=localhost;dbname=test', 'root', 'root');
    $prepared = $dbh->prepare('SELECT * from sys_navigation_point WHERE name="root"');
    //$prepared->bindParam('foo', 'root');

    $prepared->execute();

    foreach($prepared as $row) {
        print_r($row);
    }
    $dbh = null;
} catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}

But this does not work at all with a prepared statement. Getting a totally blank page when doing this:

try {
    $dbh = new PDO('mysql:host=localhost;dbname=test', 'root', 'root');
    $prepared = $dbh->prepare('SELECT * from sys_navigation_point WHERE name=:foo');
    $prepared->bindParam('foo', 'root');

    $prepared->execute();

    foreach($prepared as $row) {
        print_r($row);
    }
    $dbh = null;
} catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}

foo should be replaced with root. However, it doesn't.

Recommended answer

You can't use params for stuff like table and column names, it's meant to be used for data only, not for fully dynamic queries

This should work:

$prepared = $dbh->prepare('SELECT * from sy_navigation_point WHERE Foo=:whatever');
$prepared->bindParam('whatever', 'Bar');

Edit: This should be the real solution.

By looking at the documentation, it's clear that the pattern has to be:

$prepared = $dbh->prepare('SELECT * from sy_navigation_point WHERE Foo=:whatever');
$prepared->bindParam('whatever', $value);

And then you do:

$value = 'Bar';
$prepared->execute();
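
The binding styles discussed in this thread, side by side, as an added example that is not part of the original question or answer. Assumptions: an in-memory SQLite database stands in for the MySQL connection so the script runs offline, the table columns and rows are constructed, and `findByColumn()` is a hypothetical helper.

```php
<?php
// Added example: sqlite::memory: replaces the question's MySQL DSN (assumption).
$dbh = new PDO('sqlite::memory:');
// Make PDO throw PDOException on errors instead of failing silently.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample schema and rows.
$dbh->exec('CREATE TABLE sys_navigation_point (id INTEGER PRIMARY KEY, name TEXT)');
$dbh->exec("INSERT INTO sys_navigation_point (name) VALUES ('root'), ('child')");

$sql = 'SELECT * FROM sys_navigation_point WHERE name = :foo';

// 1. bindParam() binds a variable by reference; its value is read at execute().
$stmt = $dbh->prepare($sql);
$name = 'placeholder';
$stmt->bindParam(':foo', $name, PDO::PARAM_STR);
$name = 'root';   // assigned after binding, still the value that is sent
$stmt->execute();
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));

// 2. bindValue() accepts a literal and copies it at bind time.
$stmt = $dbh->prepare($sql);
$stmt->bindValue(':foo', 'child', PDO::PARAM_STR);
$stmt->execute();
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));

// 3. Values passed to execute() are bound as data, quote characters included:
//    the whole string below is compared against the name column.
$stmt = $dbh->prepare($sql);
$stmt->execute([':foo' => "root' OR '1'='1"]);
var_dump($stmt->fetchAll(PDO::FETCH_ASSOC));

// 4. Table and column names cannot be bound as parameters, so a dynamic
//    identifier is checked against a fixed allowlist before it is interpolated.
function findByColumn(PDO $dbh, string $column, string $value): array
{
    $allowed = ['id', 'name'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("Column not allowed: $column");
    }
    $stmt = $dbh->prepare("SELECT * FROM sys_navigation_point WHERE $column = :v");
    $stmt->execute([':v' => $value]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
print_r(findByColumn($dbh, 'name', 'root'));
```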
