MySQL的会话处理程序困难

时间:2016-08-29 21:52:43

标签: php mysql

关于MYSQL的会话处理程序看{4}}并对此部分感到困惑:

table_XXX ==表XXX; col_XXX ==第XXX列; sid ==会话ID

阅读方法:

public function read($session_id)
    {
        $this->db->exec('SET TRANSACTION ISOLATION LEVEL READ COMMITTED');
        $this->db->beginTransaction();
        /**
         * the data is selected and no other ppl can interfere
         * the writing process until COMMIT is reached
         */
        $sql = "SELECT $this->col_expiry, $this->col_data
                FROM $this->table_sess
                WHERE $this->col_sid = :sid FOR UPDATE";
        $selectStmt = $this->db->prepare($sql);
        $selectStmt->bindParam(':sid', $session_id);
        $selectStmt->execute();
        $results = $selectStmt->fetch(\PDO::FETCH_ASSOC);
        if ($results) {
            if ($results[$this->col_expiry] < time()) {
                // return empty if data out of date
                return '';
            }
            return $results[$this->col_data];
        }

        return $this->initializeRecord($selectStmt);
    }

受保护的方法:

protected function initializeRecord(\PDOStatement $selectStmt)
    {
        try {
            $sql = "INSERT INTO $this->table_sess 
                    ($this->col_sid, $this->col_expiry, $this->col_data)
                    VALUES (:sid, :expiry, :data)";
            $insertStmt = $this->db->prepare($sql);
            $insertStmt->bindParam(':sid', $session_id);
            $insertStmt->bindParam(':expiry', $this->expiry); // expiry is defined
            $insertStmt->bindValue(':data', '');
            $insertStmt->execute();
            return '';
        } catch(\PDOException $e) {
            $this->db->rollBack();
            throw $e;
        }
    }

写方法:

public function write($session_id, $data)
    {
        try {
            $sql = "INSERT INTO $this->table_sess ($this->col_sid,
                    $this->col_expiry, $this->col_data)
                    VALUES (:sid, :expiry, :data)
                    ON DUPLICATE KEY UPDATE
                    $this->col_expiry = :expiry,
                    $this->col_data = :data";
            $stmt = $this->db->prepare($sql);
            $stmt->bindParam(':expiry', $this->expiry, \PDO::PARAM_INT);
            $stmt->bindParam(':data', $data);
            $stmt->bindParam(':sid', $session_id);
            $stmt->execute();
            return true;
        } catch (\PDOException $e) {
            if ($this->db->inTransaction()) {
                $this->db->rollback();
            }
            throw $e;
        }
    }

在受保护的方法&#39;,第8行,有一个$ session_id,显然没有$ session_id传递给受保护的方法,所以该行的bindParam()只是绑定了什么? 那么initializeRecord()只是启动了一个具有到期时间但没有其他的行?然后在调用write方法后插入sid和数据?

1 个答案:

答案 0 :(得分:0)

这会在WHERE $this->col_sid = :sid之后执行很多字符串构造技巧,因为它会创建SQL语句。

您可以尝试回显或转储这些SQL语句,以便在它们运行->execute()之前查看它们包含的内容。这将有助于您排除故障。

很明显,您的受保护方法缺失$session_id。是否有可能在那里使用$this->sid的值?

相关问题
最新问题