我目前正在创建我自己的查询生成器,并且坚持使用PDO的准备好的语句。不可能循环PDO的BindParam。我使用foreach()完成了此操作,但它仅在处理循环执行的最后一个数据时才起作用。
$sql = "SELECT * FROM users WHERE id = :a OR fname = :b";
$array = array(":a"=>"10002345", "Josh");
$stmt = $conn->prepare($sql);
foreach($array as $key => $value ) {
$stmt->bindParam($key, $value);
}
$stmt->execute();
它仅绑定循环执行的最后数据。
答案 0 :(得分:2)
最好在查询中使用?占位符,并将数据数组传递到execute:
$sql = "SELECT * FROM users WHERE id = ? OR fname = ?";
$array = array("10002345", "Josh"); // you don't even need keys here
$stmt = $conn->prepare($sql);
$stmt->execute($array);
答案 1 :(得分:0)
只有偶然发现,但仅供将来参考...
首先,我将假设您的示例应该读取$array = array(":a"=>"10002345", ":b"=>"Josh");,因为即使没有:b密钥也会出现问题。
在此位:
foreach($array as $key => $value ) {
$stmt->bindParam($key, $value);
}
您还没有'passed by reference'。 $value应该修改为&$value
foreach($array as $key => &$value ) {
$stmt->bindParam($key, $value);
}
这是因为bindParam方法签名要求该值是变量引用:
public function bindParam ($parameter, &$variable, $data_type = PDO::PARAM_STR, $length = null, $driver_options = null) {}
(请注意&之前的$variable)。
原始查询(没有&)的最终结果是,所有:params都将被设置为原始循环中$value的最后一次迭代中的值。 / p>
所以,
的结果$sql = "SELECT * FROM users WHERE id = :a OR fname = :b";
$array = array(":a"=>"10002345", ":b"=>"Josh");
$stmt = $conn->prepare($sql);
foreach($array as $key => $value ) {
$stmt->bindParam($key, $value);
}
$stmt->execute();
将是SELECT * FROM users WHERE id = 'Josh' OR fname = 'Josh'
使用命名参数(:param)优于位置参数(?),因此值得为准备好的语句保留该选项,而不是“最好使用{{ 1}}占位符”。
答案 2 :(得分:0)
在我的数据库抽象层中,使用以下实用程序功能:
/**
* getFieldList return the list with or without PK column
* @param bool $withID - true when including parameter
*/
static protected function getFieldList( $withID = false )
{
if( $withID )
$result = '`' . static::getTableName( ) . '`' .
'.`' . static::getPrimaryKeyName( ) . '`, ';
else
$result = '';
return $result .= '`' . static::getTableName( ) . '`.' .
'`' . implode( '`, `'.static::getTableName( ) . '`.`', static::getFieldNames( ) ) . '`';
}
/**
* getFieldPlaceholders -
* @return string - all PDO place holders prefixed :
*/
static protected function getFieldPlacholders( )
{
return ':' . implode( ',:', static::getFieldNames( ) );
}
/**
* getUpdateList - SQL updates section
* @return string
*/
static private function getUpdateList( )
{
$result = array( );
foreach( static::getFieldNames( ) as $field ) {
if( $field === static::getPrimaryKeyName() ) continue;
$result[] = '`' . $field . '`=:' . $field;
}
return implode( ',', $result );
}
/**
* Bind the fields to PDO placeholdes
* @param PDOStatement $stmt statement that the fields are bound to
* @return void
*/
protected function bindFields( $stmt )
{
foreach( array_keys($this->fields) as $field ) {
if( $field === static::getPrimaryKeyName() ) continue;
$stmt->bindParam( ':' . $field, $this->fields[$field] );
// echo $field . '->' . $this->fields[$field] . '<br>';
}
}
/**
* Bind the fields to the placeholders
* @param PDOStatement $stmt - that the fields are bind to
* @return void
*/
protected function bindColumns( $stmt, $withID = false )
{
if( $withID )
$stmt->bindColumn( static::getPrimaryKeyName(), $this->ID );
foreach( static::getFieldNames() as $fieldname )
{
$stmt->bindColumn( $fieldname, $this->fields[$fieldname] );
}
}
/**
* parseResultset
* Set the values of the select results, resets dirty (object is in sync)
* @param mixed[] $result - associative array
*/
protected function parseResultset( $result )
{
foreach( $result as $field=> $value ) {
if( $field === static::getPrimaryKeyName() )
$this->ID = $value;
$this->fields[$field] = $value;
}
$this->dirty = array();
}