Binding array of values in prepared statement PDO PHP

I'm trying to bind my values into a prepared statement in PDO.

Here is the prerequisite code that uses the prepared statement block:

$tab = 'air_user';
$fie = array('USER_NAME', 'USER_PASSWORD' , 'USER_EMAIL');
$name = $_POST['name'];
$pass = $_POST['password'];
$email = $_POST['email'];
$val = array(
    'name' => $name,
    'pass' => $pass,
    'email' => $email
);
$this->connect($tab,$fie,$val);

And here is the part wherein I prepare those values and make the necessary insertions:

public function connect($table,$fields,$values)
{

    try{
        $con = new PDO ('mysql:host=localhost;dbname=air','root','123456');
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

        $fields = implode(", ", $fields);
        echo $fields;
        $values = implode(", ", $values);
        echo $values;

        // have to make this prevent sql injection //
        $stmt = $con->prepare("INSERT INTO $table(ID,$fields) VALUES (?,?,?,?)");
        $stmt->execute(array('',$values));

    } catch(PDOException $e) {
        die("this cant connect the database");
    }
}

So why is my INSERT not working? Can anyone help me take a look at it? I tried so many things, none of them work.

No, don't implode the values that you're going to pass inside the ->execute(); it must be an array:

$fields = implode(", ", $fields);
// $values = implode(", ", $values); // DONT IMPLODE!
$values = array_values($values);

$stmt = $con->prepare("INSERT INTO $table(ID,$fields) VALUES (NULL, ?,?,?)");
$stmt->execute($values);

Or @Augwa's suggestion:

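// $fields = implode(", ", $fields); // not needed
// $values = implode(", ", $values); // DONT IMPLODE!
$values = array_values($values); // positional "?" placeholders need a 0-indexed list, not string keys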

$placeholders = substr(str_repeat('?,', sizeOf($fields)), 0, -1);
// $placeholders = implode(', ', array_fill(0, count($values), '?'));

$stmt = $con->prepare(
    sprintf(
        "INSERT INTO %s (%s) VALUES (%s)", 
        $table, 
        implode(',', $fields), 
        $placeholders
    )
);
$stmt->execute($values);
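
Placeholders only protect the values; table and column names cannot be bound, so the `$table` and `$fields` interpolated into the statements above need their own check. The following is an added example, not code from the question or the answers: the `INSERTABLE` allow-list, the `insertRow()` name and the in-memory SQLite database standing in for MySQL are assumptions made for illustration.

```php
<?php
// Added example (not the poster's code). Hypothetical allow-list: table => insertable columns.
const INSERTABLE = [
    'air_user' => ['USER_NAME', 'USER_PASSWORD', 'USER_EMAIL'],
];

function insertRow(PDO $con, string $table, array $row): int
{
    if (!array_key_exists($table, INSERTABLE)) {
        throw new InvalidArgumentException("table not allowed: $table");
    }
    $fields  = array_keys($row);
    $unknown = array_diff($fields, INSERTABLE[$table]);
    if ($fields === [] || $unknown !== []) {
        throw new InvalidArgumentException('column not allowed: ' . implode(',', $unknown));
    }
    // One "?" per value; identifiers can only come from the allow-list above.
    $placeholders = implode(', ', array_fill(0, count($fields), '?'));
    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)', $table, implode(', ', $fields), $placeholders);

    $stmt = $con->prepare($sql);
    // array_values(): positional placeholders need a 0-indexed list, not string keys.
    $stmt->execute(array_values($row));
    return (int) $con->lastInsertId();
}

// Constructed demo data; in-memory SQLite replaces the MySQL database on the page.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE air_user (ID INTEGER PRIMARY KEY, USER_NAME TEXT, USER_PASSWORD TEXT, USER_EMAIL TEXT)');

$id = insertRow($con, 'air_user', [
    'USER_NAME'     => "o'brien", // the quote is stored as data, not parsed as SQL
    'USER_PASSWORD' => password_hash('example-pass', PASSWORD_DEFAULT),
    'USER_EMAIL'    => 'obrien@example.com',
]);
echo "inserted row $id\n";

try {
    // A column name carrying SQL is rejected before any statement is built.
    insertRow($con, 'air_user', ['USER_NAME) VALUES (1); --' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```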
