PHP PDO执行/准备似乎不起作用

时间:2017-05-25 17:45:15

标签: php pdo prepared-statement execute rowcount

<?php    
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ':login' AND user_pass=PASSWORD(':password')");
    $abc->bindParam(':login', $_POST['name']);
    $abc->bindParam(':password', $_POST['pw']);    
    $abc->execute(); 
    echo $abc->rowCount();
    // the example above doesn't work rowCount is always 0
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = '?' AND user_pass=PASSWORD('?')");
    $abc->execute([$_POST['name'], $_POST['pw']]);
    echo $abc->rowCount();
    // and again rowCount is always 0
    $abc = $objpdo->query("SELECT * FROM testdb.users WHERE user = '".$_POST['name']."' AND user_pass=PASSWORD('".$_POST['pw']."')");
    echo $abc->rowCount();
    // this thing here is working
?>

我在我的代码中准备好的陈述似乎不起作用, 奇怪的是当我尝试运行query()而没有准备它,只是直接将值传递给它工作的字符串。

请注意,我总是使用现有用户/密码尝试此代码。

1 个答案:

答案 0 :(得分:1)

占位符周围不需要引号,否则查询只会将它们视为字符串,而不是占位符。

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = :login AND user_pass=PASSWORD(:password)");

与序数占位符(问号)相同:

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ? AND user_pass=PASSWORD(?)");