我遇到的问题是:当我尝试准备一个由DESCRIBE table_name或SHOW COLUMNS FROM table_name组成的查询时,我收到一条错误消息,指出以下内容:
致命错误:带有消息'SQLSTATE [42000]的未捕获异常'PDOException':语法错误或访问冲突:1064 SQL语法中有错误;检查与MySQL服务器版本相对应的手册,以便在/Applications/MAMP/htdocs/test.php:28的第1行''用户'附近使用正确的语法。堆栈跟踪:#0 / Applications / MAMP / htdocs /test.php(28):PDOStatement-> execute()#1 /Applications/MAMP/htdocs/test.php(6):show_columns_yes_prepared('users')#2 {main}抛出/ Applications / MAMP / htdocs第28行/test.php
函数show_columns_not_prepared()按预期/希望的方式返回以下内容:
Array
(
[0] => uid
[1] => name
[2] => pass
[3] => mail
[4] => mode
[5] => sort
[6] => threshold
[7] => theme
[8] => signature
[9] => signature_format
[10] => created
[11] => access
[12] => login
[13] => status
[14] => timezone
[15] => language
[16] => picture
[17] => init
[18] => data
[19] => timezone_name
[20] => timezone_id
)
...由于函数show_columns_yes_prepared()而发生上述错误。以下两者都可以在文件test.php中使用的其余源代码(逐字)中找到,该文件位于我的localhost的根目录中。
准备DESCRIBE SQL查询是不可能的任务吗?或者我做错了什么?都不是?既?
数据库/表格创建:
CREATE DATABASE `testdatabaseforpdo` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
USE `testdatabaseforpdo`;
CREATE TABLE `users` (
`uid` int(10) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(60) NOT NULL DEFAULT '',
`pass` varchar(32) NOT NULL DEFAULT '',
`mail` varchar(64) DEFAULT '',
`mode` tinyint(4) NOT NULL DEFAULT '0',
`sort` tinyint(4) DEFAULT '0',
`threshold` tinyint(4) DEFAULT '0',
`theme` varchar(255) NOT NULL DEFAULT '',
`signature` varchar(255) NOT NULL DEFAULT '',
`signature_format` smallint(6) NOT NULL DEFAULT '0',
`created` int(11) NOT NULL DEFAULT '0',
`access` int(11) NOT NULL DEFAULT '0',
`login` int(11) NOT NULL DEFAULT '0',
`status` tinyint(4) NOT NULL DEFAULT '0',
`timezone` varchar(8) DEFAULT NULL,
`language` varchar(12) NOT NULL DEFAULT '',
`picture` varchar(255) NOT NULL DEFAULT '',
`init` varchar(64) DEFAULT '',
`data` longtext,
`timezone_name` varchar(50) NOT NULL DEFAULT '',
`timezone_id` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`uid`),
UNIQUE KEY `name` (`name`),
KEY `access` (`access`),
KEY `created` (`created`),
KEY `mail` (`mail`),
KEY `picture` (`picture`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
源代码(根据需要调整getConnection()内的连接信息):
<?php
$table = 'users';
print_r(show_columns_not_prepared($table));
print_r(show_columns_yes_prepared($table));
function show_columns_not_prepared($table) {
$db = getConnection();
// Not prepared, not safe...
$sql = "DESCRIBE $table";
$stmt = $db->query($sql);
$out = array();
while ($res = $stmt->fetchAll(PDO::FETCH_ASSOC)) {
for ($i = 0; $i < count($res); $i++) {
$out[] = $res[$i]['Field'];
}
}
return $out;
}
function show_columns_yes_prepared($table) {
$db = getConnection();
// Ready to be prepared...
$sql = "DESCRIBE :table";
$stmt = $db->prepare($sql);
$stmt->bindValue(':table', $table, PDO::PARAM_STR);
$stmt->execute();
$out = array();
while($res = $stmt->fetch(PDO::FETCH_ASSOC)) {
for ($i = 0; $i < count($res); $i++) {
$out[] = $res[$i]['Field'];
}
}
return $out;
}
function getConnection() {
$dbhost="localhost";
$dbuser="someuser";
$dbpass="somepass";
$dbname="testdatabaseforpdo";
$dbh = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpass);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("set names utf8");
return $dbh;
}
答案 0 :(得分:4)
safeMysql这是一只鸡:
function show_columns_yes_prepared($table)
{
$db = getConnection(); // I HOPE it's SINGLETON. Yikes, it is not
return $db->getCol( "DESCRIBE ?n", $table);
}
丑陋的PDO could be a problem,所以,你最好坚持information_schema查询为Jack suggested:
function show_columns_yes_prepared($pdo, $table)
{
$sql = "SELECT column_name FROM information_schema.columns WHERE table_name =?";
$stm = $pdo->prepare($sql);
$stm->execute([$table]);
return $stm->fetchAll(PDO::FETCH_COLUMN);
}
但是getConnection();函数会在或多或少的生产环境中杀死你的数据库服务器。
因为每个应用程序只应连接 ONCE 并在整个脚本中使用该单个连接,而不是每次需要查询数据库时都连接。