
Passing params to stored procedure

I'm getting the following error:

SQLSTATE[42000]: [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Must pass parameter number 44 and subsequent parameters as '@name = value'. After the form '@name = value' has been used, all subsequent parameters must be passed in the form '@name = value'.

and this is my code:

$pdowin->beginTransaction();
    try {
        // headers
        $rows = $pdo->query("SELECT * FROM orders WHERE status = 2 AND productId IS NOT NULL GROUP BY id");
        // fetch the rows
        while ($row = $rows->fetch(PDO::FETCH_ASSOC)) {
            $pdowin->query("EXEC sp_salesorderimport
                @salesordernumberid = ".$row['id'].",
                    ... // number of other params here
                ");

            // items
            $items = $pdo->query("SELECT * FROM orders WHERE id = " . $row['id'] . " ORDER BY name ASC");
            while ($item = $items->fetch()) {
                $pdowin->query("EXEC sp_salesorderrowimport
                    @salesordernumberid = ".$row['id'].",
                    @articleid = ".$item['artid'].",
                        ... // number of other params here
                    ");
            }
        }

        $pdowin->commit();
        echo "OK";
    } catch (PDOException $e) {
        $pdowin->rollback();
        echo "ERROR: ".$e;
    }

All queries work if I execute them separately. Thanks in advance.

You should prepare your statement:

$pdowin->beginTransaction();
try {
    // headers
    $rows = $pdo->query("SELECT * FROM orders WHERE status = 2 AND productId IS NOT NULL GROUP BY id");

    // prepare the EXEC once, outside the loop; only the bound values change per row
    $stmt = $pdowin->prepare("EXEC sp_salesorderimport
            @salesordernumberid = :saleId,
                ... // number of other params here
            ");
    // fetch the rows
    while ($row = $rows->fetch(PDO::FETCH_ASSOC)) {
        $stmt->bindValue(':saleId', $row['id']);
        $stmt->execute();

        // items: apply the same prepare/bindValue/execute pattern to sp_salesorderrowimport
    }

    $pdowin->commit();
    echo "OK";
} catch (PDOException $e) {
    $pdowin->rollback();
    echo "ERROR: " . $e;
}

It's not only for SQL injection prevention; it also avoids errors with quotes and escaping characters.
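The pattern the answer recommends, carried through both stored procedures and the source query, as an added example that is not code from the question or the answer. Only sp_salesorderimport, sp_salesorderrowimport, @salesordernumberid, @articleid and the id/artid columns come from the page; the two DSNs, the customerName and quantity columns, and the @customername and @quantity parameters are hypothetical placeholders. It also shows why the concatenated version fails: a value containing a comma or quote, spliced unquoted into the EXEC string, turns into an extra positional parameter after the named ones, which is exactly the SQL Server error quoted in the question.

```php
<?php
// Added example (not the original poster's or answerer's code).
// Assumed connections: $pdo is the source database, $pdowin is SQL Server.
declare(strict_types=1);

$pdo    = new PDO('mysql:host=localhost;dbname=shop', 'user', 'pass');      // assumed DSN
$pdowin = new PDO('sqlsrv:Server=localhost;Database=erp', 'user', 'pass');  // assumed DSN
$pdowin->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Prepare every statement once; the same statement object is re-executed per row.
// Each named placeholder is used exactly once per statement.
$headerStmt = $pdowin->prepare(
    'EXEC sp_salesorderimport
        @salesordernumberid = :saleId,
        @customername       = :custName'   // hypothetical parameter
);
$rowStmt = $pdowin->prepare(
    'EXEC sp_salesorderrowimport
        @salesordernumberid = :saleId,
        @articleid          = :artId,
        @quantity           = :qty'        // hypothetical parameter
);
// The per-order lookup is parameterised too, instead of concatenating $row['id'].
$itemStmt = $pdo->prepare('SELECT * FROM orders WHERE id = :id ORDER BY name ASC');

$pdowin->beginTransaction();
try {
    $rows = $pdo->query('SELECT * FROM orders WHERE status = 2 AND productId IS NOT NULL GROUP BY id');
    while ($row = $rows->fetch(PDO::FETCH_ASSOC)) {
        // A value such as "Smith, John" travels as ONE parameter here. Concatenated
        // into the EXEC text it would read  @customername = Smith, John  and SQL Server
        // would treat "John" as an unnamed parameter following a named one, raising
        // "Must pass parameter number N and subsequent parameters as '@name = value'".
        $headerStmt->bindValue(':saleId', (int) $row['id'], PDO::PARAM_INT);
        $headerStmt->bindValue(':custName', (string) ($row['customerName'] ?? ''), PDO::PARAM_STR);
        $headerStmt->execute();

        $itemStmt->execute([':id' => (int) $row['id']]);
        while ($item = $itemStmt->fetch(PDO::FETCH_ASSOC)) {
            $rowStmt->bindValue(':saleId', (int) $row['id'], PDO::PARAM_INT);
            $rowStmt->bindValue(':artId', (int) $item['artid'], PDO::PARAM_INT);
            $rowStmt->bindValue(':qty', (int) ($item['quantity'] ?? 0), PDO::PARAM_INT);
            $rowStmt->execute();
        }
    }
    $pdowin->commit();
    echo "OK\n";
} catch (PDOException $e) {
    $pdowin->rollBack();
    echo 'ERROR: ' . $e->getMessage() . "\n";
}
```

The order id is bound under its own placeholder in each EXEC rather than reusing one :name twice, because native (non-emulated) prepares reject a repeated named placeholder. Binding with an explicit PDO::PARAM_INT or PDO::PARAM_STR also stops a non-numeric id from being spliced in as a bare identifier, which is the other way the concatenated version can produce a malformed EXEC.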
