我正在尝试修复这个被删除的代码 - 正如您可能已经猜到的那样,我正在提出绑定参数语法。事实上,我甚至不确定我想做什么甚至是可能的。这是班级方法......
/***
*
* @select values from table
*
* @access public
*
* @param string $table The name of the table
*
* @param array $fieldlist Fields to return in results, defaults null
*
* @param array $criteria Search criteria by keyed by fieldname
*
* @param int $limit Limit of records to return, defaults 10
*
* @return Array on success or throw PDOException on failure
*
*/
public function dbSearch($table, $fieldList = null, $criteria = null, $limit = 10)
{
// setup $this->db to point to a PDO instance
$this->conn();
// build fieldlist
if( is_null($fieldList) OR !is_array($fieldList) OR count($fieldList) == 0) {
$returnFields = '*';
} else {
$returnFields = "'".implode("', '", $fieldList)."'";
}
// build criteria
if( is_null($criteria) OR !is_array($criteria) OR count($criteria) == 0) {
$whereClause = '';
} else {
$whereClause = array();
foreach ($criteria as $key => $value){
$bind_name = 'bind_'.$key; //generate a name for bind1, bind2, bind3...
$$bind_name = $value; //create a variable with this name with value in it
$bind_names[] = & $$bind_name; //put a link to this variable in array
$whereClause[] = "'$key' = :$bind_name";
}
$whereClause = count($whereClause) > 0 ? ' WHERE '.implode( ' AND ' , $whereClause ) : '';
}
$sql = "SELECT $returnFields FROM '$table' $whereClause LIMIT $limit";
$stmt = $this->db->prepare($sql);
if( $whereClause != '') {
call_user_func_array(array(&$stmt, 'bindParam'), $bind_names);
}
$stmt->execute();
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
...在某些时候我想用这些东西来调用......
// look for users in database...
$user_recs = $crud->dbSearch('user', array('user_name'), array('user_name'=> $_POST['username']));
$users = $user_recs->fetchAll(PDO::FETCH_ASSOC);
这是多么疯狂?可能吗?我是否需要以某种方式传递参数类型?任何帮助都感激不尽!
答案 0 :(得分:0)
我真的不明白这个功能如何比传统
更好$stmt = $db->prepare("SELECT user_name FROM user WHERE user_name = ?");
$stmt->execute($_POST['username']);
$users = $stmt->fetchAll();
请注意,
LIMIT ?,?是可能的答案 1 :(得分:0)
嗯,代码可能会出现很多问题。
一次,我在AND条款之间看不到任何OR / WHERE - 这可能就是为什么它不起作用。
其次,它不允许您使用SQL函数。假设您需要编写如下查询:
SELECT * FROM `table` WHERE UNIX_TIMESTAMP(date_added) < ...;
你明白了。
我建议使用现有的ORM(Doctrine,Propel等),或坚持使用PDO。
以下是我如何将PDO用于User类的示例:
class User
{
protected $data;
public function __get($key) {
return $this->data[$key];
}
public function __set($key, $value) {
$this->data[$key] = $value;
}
/**
* @param $value
* @param $field
* @return $this
*/
public function loadBy($value, $field)
{
$db = DbFactory::getInstance();
$query = "SELECT * FROM users WHERE $field = :$field LIMIT 1";
$stmt = $db->prepare($query);
$stmt->execute(array(":$field" => $value));
$result = $stmt->fetch();
foreach ($result as $key => $value) {
$this->$key = $value;
}
return $this;
}
}
您可以为您的实体创建此类功能,您将拥有专业的功能,并且可以高效执行,并且易于测试。
<强> PS:
忽略当您有一个名为data的字段时出现的问题:)
答案 2 :(得分:0)
实际上,问题是使用绑定参数而不是绑定值... doh!
给定一个SQL语句和一个关联数组中的一些值,例如
$sql = "SELECT * FROM event
WHERE eventdate >= :from
AND eventdate <= :until
AND ( user_name LIKE :st OR site_name LIKE :st )
ORDER BY eventdate, start_time LIMIT 100";
$values = array( 'st' => '%'.$searchterm.'%',
'from' => $fromdate,
'until' => $untildate, );
然后这个类方法(但它很容易通过普通函数)完成了这个技巧:
public function dbBoundQuery($sql, $values, $types = false) {
$this->conn();
$stmt = $this->db->prepare($sql);
foreach($values as $key => $value) {
if($types) {
$stmt->bindValue(":$key",$value,$types[$key]);
} else {
if(is_int($value)) { $param = PDO::PARAM_INT; }
elseif(is_bool($value)) { $param = PDO::PARAM_BOOL; }
elseif(is_null($value)) { $param = PDO::PARAM_NULL; }
elseif(is_string($value)) { $param = PDO::PARAM_STR; }
else { $param = FALSE;}
if($param) $stmt->bindValue(":$key",$value,$param);
}
}
$stmt->execute();
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
希望这有助于其他人。