How can I Use Prepared Statements in CodeIgniter
Question
Hi all, I need to use Prepared Statements in my site. I tried to use this:
$sql = "SELECT * FROM tbl_user WHERE uid=:id and activation_key=:key";
$query = $this->db->query(
$sql,
array( ':id' => $uid ,':key' => $activation_key)
);
but this is not working. When I change :id and :key to ?, it's working.
Recommended answer
CodeIgniter does not support Prepared Statements. If you look at the source code for CI's Database class, you will see that they resolve bindings simply by replacing the question marks with the data from the passed array:
- https://github.com/EllisLab/CodeIgniter/blob/develop/system/database/DB_driver.php#L874
They only support Query Binding with unnamed placeholders. See http://ellislab.com/codeigniter/user-guide/database/queries.html
Query Bindings
Bindings enable you to simplify your query syntax by letting the system put the queries together for you. Consider the following example:
$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));
The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.
and http://ellislab.com/forums/viewthread/105112/#528915
Even though CI doesn't support prepared statements, it does support Query Bindings. With prepared statements you have to call some type of prepare() function and then some type of execute() function. With query bindings, you only have to call one function and it basically does the same thing. Because of this, I like query bindings better than prepared statements.
On a sidenote, changing ? to :foo is merely changing from unnamed to named bindings (which CI apparently does not support either). Just because you use either one doesn't mean you are preparing the statements.
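To make the distinction in the answer concrete, here is an added example (written for this page; it is not code from the original post or from CodeIgniter). The first part, bind_query(), is a simplified stand-in for the "replace each ? with escaped data" behaviour the answer describes: the SQL string is built on the PHP side before it reaches the database, and the escaping function is assumed and deliberately minimal. The second part shows a genuine prepared statement through PDO, where the named placeholders :id and :key that the question tried are supported because the database driver keeps the SQL and the parameter values separate. It assumes the pdo_sqlite extension is available and uses an in-memory database with a constructed tbl_user row.

```php
<?php
// Part 1: client-side query binding in the style the answer describes.
// This is a hypothetical, simplified stand-in for CI's placeholder
// substitution; real CI delegates escaping to the database driver.
function escape_value($v): string
{
    if (is_int($v) || is_float($v)) {
        return (string) $v;
    }
    // Minimal string escaping: backslash and single quote. A real driver
    // escape function handles charset-specific cases as well.
    return "'" . str_replace(["\\", "'"], ["\\\\", "\\'"], (string) $v) . "'";
}

function bind_query(string $sql, array $binds): string
{
    $out = '';
    $i = 0;
    // Walk the query byte by byte; '?' is ASCII, so this is safe for UTF-8 input.
    foreach (str_split($sql) as $ch) {
        if ($ch === '?' && $i < count($binds)) {
            $out .= escape_value($binds[$i++]);
        } else {
            $out .= $ch;   // any '?' beyond the bound values is left as-is
        }
    }
    return $out;
}

// Part 2: a real prepared statement with named placeholders via PDO.
function find_user(PDO $pdo, int $uid, string $key): array
{
    // prepare() sends the SQL shape to the driver; execute() sends the values.
    $stmt = $pdo->prepare(
        'SELECT uid, activation_key FROM tbl_user WHERE uid = :id AND activation_key = :key'
    );
    $stmt->execute([':id' => $uid, ':key' => $key]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demonstration with constructed data.
$sql = 'SELECT * FROM tbl_user WHERE uid = ? AND activation_key = ?';
echo bind_query($sql, [42, "abc'123"]), PHP_EOL;

$pdo = new PDO('sqlite::memory:');                     // assumption: pdo_sqlite is installed
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_user (uid INTEGER, activation_key TEXT)');
$pdo->exec("INSERT INTO tbl_user VALUES (42, 'abc123')");

// The correct key matches one row; a key containing a quote is compared as
// plain data and matches nothing, because the value never becomes part of the SQL.
var_dump(count(find_user($pdo, 42, 'abc123')));
var_dump(count(find_user($pdo, 42, "abc123' OR '1'='1")));
```

The practical takeaway for CI users is the one the answer gives: keep using ? placeholders with $this->db->query() so that every value passes through the driver's escaping, and never concatenate user input into the SQL string yourself. If you specifically need server-side prepared statements or named parameters, that is a feature of the underlying driver (PDO or mysqli), not of CodeIgniter's query() call.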