如何在CodeIgniter中使用准备的语句 [英] How can I Use Prepared Statements in CodeIgniter

查看:124
本文介绍了如何在CodeIgniter中使用准备的语句的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

您好,我需要在我的网站使用准备的语句。我尝试使用此

Hi all I need to use Prepared Statements in my site. I tried use this

$sql = "SELECT * FROM tbl_user WHERE uid=:id and activation_key=:key";
$query = $this->db->query( 
    $sql, 
    array( ':id' => $uid ,':key' => $activation_key)
);

但这不工作。当我将:id :key 更改为工作。

but this is not working. When I change :id and :key to ? its working.

推荐答案

CodeIgniter不支持准备语句。如果你看看CI的Database类的源代码,你会看到他们解决绑定简单地用传递数组中的数据替换问号:

CodeIgniter does not support Prepared Statements. If you look at the sourcecode for CI's Database class, you will see that they resolve bindings simply by replacing the question marks with the data from the passed array:

  • https://github.com/EllisLab/CodeIgniter/blob/develop/system/database/DB_driver.php#L874

它们仅支持使用未命名占位符的查询绑定。请参见 http://ellislab.com/codeigniter/user-guide/database/queries.html

They only support Query Binding with unnamed placeholders. See http://ellislab.com/codeigniter/user-guide/database/queries.html


查询绑定

Query Bindings

绑定可让您简化查询语法,系统将查询集中在一起。考虑下面的例子:

Bindings enable you to simplify your query syntax by letting the system put the queries together for you. Consider the following example:

$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));

查询中的问号会自动替换为数组中第二个参数中的值查询功能。

The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.

http://ellislab.com/forums/viewthread/105112/#528915


虽然CI不支持准备语句,它支持查询绑定。使用预准备语句,你必须调用一些类型的prepare()函数,然后调用某种类型的execute()函数。使用查询绑定,你只需要调用一个函数,它基本上做同样的事情。因此,我喜欢查询绑定比预准备语句更好。

Even though CI doesn’t support prepared statements, it does support Query Bindings. With prepared statements you have to call some type of prepare() function and then some type of execute() function. With query bindings, you only have to call one function and it basically does the same thing. Because of this, I like query bindings better than prepared statements.

在sidenote上,将更改为: foo 只是从未命名绑定到命名绑定(其中CI显然不支持任何绑定)。只是因为你使用或不意味着你准备的语句。​​

On a sidenote, changing ? to :foo is merely changing from unnamed to named bindings (which CI apparently does not support either). Just because you use either or doesn't mean you are preparing the statements.

这篇关于如何在CodeIgniter中使用准备的语句的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆