您可以使用参数化PDO添加列和值吗?

时间:2011-07-19 08:00:12

标签: php mysql pdo

我有以下代码可以使用,但它没有使用我通常使用的PDO

<?php
    if( $_SERVER['REQUEST_METHOD'] == 'POST' ) {

        // will go all the way upto 50
        $fields = array('db_field1'=>'cb1', 'dbfield2'=>'cb2', 'dbfield3'=>'cb3', 'dbfield4'=>'cb4');

        $update = '';

        foreach($fields as $dbfield => $field) {
            if ($update) $update.= ',';

            $update.= ' '.$dbfield.'=';

            if (isset($_POST[$field])) {
                $update.= 1;
            } else {
                $update.= 0;
            }
        }

        // show generated query
        echo 'UDPATE table SET'.$update.' WHERE 1=1';
    }
?>

<html>
    <head>
        <title></title>
    </head>

    <body>
        <form method="post">
            <input type="checkbox" name="cb1" />
            <input type="checkbox" name="cb2" />
            <input type="checkbox" name="cb3" />
            <input type="checkbox" name="cb4" />
            <!-- all the way to 50 -->

            <input type="submit" value="submit" />
        </form>
    </body>
</html>

因为我从上面的代码中获取column namescolumn values,我不确定如何使用PDO执行此操作?

我在下面做了以下代码:

<?php
    if( $_SERVER['REQUEST_METHOD'] == 'POST' ) {

        $fields = array('db_field1'=>'cb1', 'dbfield2'=>'cb2', 'dbfield3'=>'cb3', 'dbfield4'=>'cb4');

        $update = '';

        foreach($fields as $dbfield => $field) {
            if ($update) $update.= ',';

            $update.= ' '.$dbfield.'=';

            if (isset($_POST[$field])) {
                $update.= 1;
            } else {
                $update.= 0;
            }
        }

        $DBH = new PDO( "mysql:host=localhost;dbname=database", "user", "pass" );
        $DBH -> setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

        $STH = $DBH -> prepare( "update table1 set :update where id = :id" );

        $STH -> bindParam( ':update', $update, PDO::PARAM_STR, 255 );
        $STH -> bindParam( ':id', $id, PDO::PARAM_INT, 4 );

        $STH -> execute();
    }
?>

<html>
    <head>
        <title></title>
    </head>

    <body>
        <form method="post">
            <input type="checkbox" name="cb1" />
            <input type="checkbox" name="cb2" />
            <input type="checkbox" name="cb3" />
            <input type="checkbox" name="cb4" />
            <!-- all the way to 50 -->

            <input type="submit" value="submit" />
        </form>
    </body>
</html>

但它给了我以下错误:

  

[Tue Jul 19 09:15:44 2011] [错误] [client :: 1] PHP致命错误:   带有消息'SQLSTATE [42000]的未捕获异常'PDOException':   语法错误或访问冲突:1064 SQL中有错误   句法;查看与MySQL服务器版本对应的手册   要在''db_field1 = 0,dbfield2 = 1附近使用正确的语法,   dbfield3 = 1,dbfield4 = 0',其中id = 1'在第1行中   /var/www/page1.php:30\nStack trace:\ n#0   /var/www/page1.php(30):PDOStatement-&gt; execute()\ n#1   {main} \ n在第30行的/var/www/page1.php中抛出,   referer:http:// localhost / page1.php

1 个答案:

答案 0 :(得分:0)

使用:

$DBH = new PDO( "mysql:host=localhost;dbname=database", "user", "pass" );
$DBH -> setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

$STH = $DBH -> prepare( "update table1 set " . $update . " where id = :id" );

//$STH -> bindParam( ':update', $update, PDO::PARAM_STR, 255 );
$STH -> bindParam( ':id', $id, PDO::PARAM_INT, 4 );

$STH -> execute();

而不是:

$DBH = new PDO( "mysql:host=localhost;dbname=database", "user", "pass" );
$DBH -> setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

$STH = $DBH -> prepare( "update table1 set :update where id = :id" );

$STH -> bindParam( ':update', $update, PDO::PARAM_STR, 255 );
$STH -> bindParam( ':id', $id, PDO::PARAM_INT, 4 );

$STH -> execute();

或者你可以使用它:

if( $_SERVER['REQUEST_METHOD'] == 'POST' ) { 
    $fields = array('db_field1'=>'cb1', 'dbfield2'=>'cb2', 'dbfield3'=>'cb3', 'dbfield4'=>'cb4');

    $update = array();
    $values = array();

    foreach($fields as $dbfield => $field) {
        $update[] = $dbfield . " = ? ";
        $values[] = isset($_POST[$field]) ? 1 : 0;
    }

    $values[] = $id;

    $DBH = new PDO( "mysql:host=localhost;dbname=database", "user", "pass" );
    $DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

    $STH = $DBH->prepare( "update table1 set " . join( ',', $update ) . " where id = ?" );

    $STH->execute($values);
}

而不是:

if( $_SERVER['REQUEST_METHOD'] == 'POST' ) { 
    $fields = array('db_field1'=>'cb1', 'dbfield2'=>'cb2', 'dbfield3'=>'cb3', 'dbfield4'=>'cb4');

    $update = '';

    foreach($fields as $dbfield => $field) {
        if ($update) $update.= ',';

        $update.= ' '.$dbfield.'=';

        if (isset($_POST[$field])) {
            $update.= 1;
        } else {
            $update.= 0;
        }
    }

    $DBH = new PDO( "mysql:host=localhost;dbname=database", "user", "pass" );
    $DBH -> setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

    $STH = $DBH -> prepare( "update table1 set :update where id = :id" );

    $STH -> bindParam( ':update', $update, PDO::PARAM_STR, 255 );
    $STH -> bindParam( ':id', $id, PDO::PARAM_INT, 4 );

    $STH -> execute();
}
相关问题
最新问题