
Convert a MYSQL* query into a PDO ready statement with placeholders

I'm having real trouble converting a SQL query from mysql to a PDO prepared statement. It is the following and it is used to calculate the distance between a coordinate stored in a session (the user's position) and a coordinate in the database, and if it is within a radius determined by the user:

$query = "
SELECT 
* 
FROM 
first_page_data 
WHERE 
((((acos(sin((".$_SESSION['alat']."*pi()/180)) * 
sin(('geo_lat1'*pi()/180))+cos((".$_SESSION['alat']."*pi()/180)) * 
cos(('geo_lat1'*pi()/180)) * cos(((".$_SESSION['alon']."- 'geo_lon1') * 
pi()/180))))*180/pi())*60*1.1515) * (1.609344/1000)) < ".$_SESSION['aradius'];

I want to change the session variables, and the geo_lat and geo_lon variables into placeholders so I can bind the values to them but I can't for the life of me get it to work!

I don't even know how to see how I'm getting on because once I've replaced the variables above with placeholders (I've been using the unnamed question mark placeholders) and then bound the values to them, I don't know how to retrieve the compiled query from $stmt before I execute it:

$stmt = $db->prepare($query);
$stmt->bindValue(1, $_SESSION['alat'], PDO::PARAM_STR);
// ... more bindings ...
$stmt->execute();

These changes are very trivial. I put in placeholder names, removed the string concatenation, and removed the incorrect quotes. It could use help with formatting, or perhaps a UDF.

# Change string-concat for placeholders
$query = "
SELECT 
* 
FROM 
first_page_data 
WHERE 
((((acos(sin(( :lat1 *pi()/180)) * 
sin((geo_lat1*pi()/180))+cos(( :lat2 *pi()/180)) * 
cos((geo_lat1*pi()/180)) * cos((( :lon - geo_lon1) * 
pi()/180))))*180/pi())*60*1.1515) * (1.609344/1000)) < :rad";

# Bind values (PARAM_STR is default)
# While PDO does support using a named parameter multiple times
# when emulating placeholders, this is not guaranteed. To be safe,
# here the code is binding the same value to two "different" params.
$stmt = $db->prepare($query);
$stmt->bindValue(":lat1", $_SESSION['alat']);
$stmt->bindValue(":lat2", $_SESSION['alat']);
$stmt->bindValue(":lon", $_SESSION['alon']);
$stmt->bindValue(":rad", $_SESSION['aradius']);

# Execute! I recommend enabling PDO Exceptions to avoid so much
# manual error-checking of result values.
$stmt->execute();   

Now, there is no direct way to see the statement with data as that's not how placeholders work - even if PDO internally emulates placeholders it's merely an implementation detail and you don't get to see it.

However, there are various solutions to the more general task of "debugging statements" discussed in How to debug PDO database queries? (I recommend using the database logging for development as your code probably shouldn't be logging or printing queries directly.)
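
The placeholder query from the answer above, as an added example (not the answer author's code) that also range-checks the session values before binding them and can print the statement template with `debugDumpParams()`. It assumes PHP 8 with pdo_sqlite; the in-memory SQLite database, the sample rows, the `name` column, the radius limit and the helpers `coord()` and `nearby()` are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for MySQL; rows are constructed.
function coord(mixed $v, float $min, float $max): float {
    // Session data is still untrusted: accept only a number inside the range.
    $f = filter_var($v, FILTER_VALIDATE_FLOAT);
    if ($f === false || $f < $min || $f > $max) {
        throw new InvalidArgumentException('value is not a number in range');
    }
    return $f;
}

function nearby(PDO $db, array $session, bool $debug = false): array {
    $lat = coord($session['alat'] ?? null, -90.0, 90.0);
    $lon = coord($session['alon'] ?? null, -180.0, 180.0);
    $rad = coord($session['aradius'] ?? null, 0.0, 1.0); // assumed upper limit
    // Same expression as the answer; CAST is only for the SQLite stand-in,
    // which otherwise compares the REAL result with bound TEXT by type.
    $stmt = $db->prepare(
        'SELECT name FROM first_page_data WHERE
         ((((acos(sin((:lat1*pi()/180)) * sin((geo_lat1*pi()/180))
          + cos((:lat2*pi()/180)) * cos((geo_lat1*pi()/180))
          * cos(((:lon - geo_lon1)*pi()/180))))*180/pi())*60*1.1515)
          * (1.609344/1000)) < CAST(:rad AS REAL)'
    );
    $params = [':lat1' => $lat, ':lat2' => $lat, ':lon' => $lon, ':rad' => $rad];
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value);
    }
    if ($debug) {
        $stmt->debugDumpParams(); // prints the SQL template and parameter list
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (['acos' => 1, 'sin' => 1, 'cos' => 1, 'pi' => 0] as $fn => $argc) {
    $db->sqliteCreateFunction($fn, $fn, $argc); // MySQL has these built in
}
$db->exec('CREATE TABLE first_page_data (name TEXT, geo_lat1 REAL, geo_lon1 REAL)');
$db->exec("INSERT INTO first_page_data VALUES ('near', 51.50, -0.12), ('far', 48.85, 2.35)");

print_r(nearby($db, ['alat' => '51.51', 'alon' => '-0.13', 'aradius' => '0.01']));
try {
    nearby($db, ['alat' => '51.51', 'alon' => '-0.13', 'aradius' => '0.01 OR 1=1']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Passing `true` as the third argument of `nearby()` prints the prepared SQL and the parameter names before execution, which is the closest PDO itself comes to showing the statement.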
