
Inserting values using PDO

•So I'm trying to change my coding habits and want to at least prevent SQL injections. However, I'm still confused about the parameters or syntax in creating a query. For instance,

$q = "insert into tblProject(projectName, projectLocation, projectType, projectStatus) " . // LINE 1
     "values(:projectName, :projectLocation, :projectType, :projectStatus);";              // LINE 2

I believe that the first line refers to the column names in the database; however, in LINE 2, what does ':' mean and what does it do? Where do the values inside values() reference? Do they refer to the variable I declared, for instance, $projectName = $_POST['projectName'];? Does it refer to $projectName or to the value inside $_POST['projectName']?

•Another question is all about this ...->execute(array(...)); Let's use this code as an example:

$results = $query->execute(array(
":projectName"      => $projectName,
":projectLocation"  => $projectLocation,
":projectType"      => $projectType,
":projectStatus"    => $projectStatus
));

Can you explain briefly but precisely what it does? And also, where do :projectName and so on come from, or what is their origin?

•It uses an array(). Therefore, if I were to only update or insert a single value and use execute(array()), will it cause me any error?

I believe I ask too many questions; are there any good references where I can find most of the answers?

Thanks in advance.

The two parts of your question are the same. The names with the colons are how you specify the name of your binding. When you use bindValue/bindParam or execute, you say "this :parameter is actually this value". So it will take your query:

$q =  "insert into tblProject(projectName, projectLocation, projectType, projectStatus) 
   values(:projectName, :projectLocation, :projectType, :projectStatus);";

Then when you execute it with this:

$results = $query->execute(array(
":projectName"      => $projectName,
":projectLocation"  => $projectLocation,
":projectType"      => $projectType,
":projectStatus"    => $projectStatus
)); 

the driver will go through and say "Okay, so the value of $projectName needs to be escaped and used in place of :projectName in the query, and $projectLocation should be :projectLocation..." and so on and so forth.
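Putting the answer together as a complete script (an added example, not code from the question or the answer above): a PDO insert with the named placeholders from the question, and a single-placeholder query to cover the "only one value" case. It assumes a MySQL database named app, the tblProject table from the question, and placeholder credentials in $user/$pass; with PDO::ATTR_EMULATE_PREPARES turned off the bound values travel to the server separately from the SQL text, so they are never interpolated into the query.

```php
<?php
// Added example, not from the original post. Assumed DSN and credentials:
// replace them with your own. The table/column names are the question's.
$dsn  = 'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4';
$user = 'app_user';
$pass = 'REPLACE_ME';

$pdo = new PDO($dsn, $user, $pass, [
    // Throw on any driver error instead of failing silently.
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    // Use real server-side prepares: values are sent separately from the SQL.
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// The SQL string contains only placeholders (:projectName, ...), never user input.
$q = "INSERT INTO tblProject (projectName, projectLocation, projectType, projectStatus)
      VALUES (:projectName, :projectLocation, :projectType, :projectStatus)";
$stmt = $pdo->prepare($q);

// Each array key names a placeholder in $q and supplies its value. The value is
// the content of $_POST['projectName'] (whatever you pass), not the variable name.
// Quotes or SQL keywords inside these values are treated as plain data.
// A key with no matching placeholder, or a placeholder left without a value,
// makes execute() throw (SQLSTATE HY093), so the two sets must match exactly.
$stmt->execute([
    ':projectName'     => $_POST['projectName']     ?? '',
    ':projectLocation' => $_POST['projectLocation'] ?? '',
    ':projectType'     => $_POST['projectType']     ?? '',
    ':projectStatus'   => $_POST['projectStatus']   ?? '',
]);

// A single value works the same way: execute() still takes an array, here with one element.
$count = $pdo->prepare("SELECT COUNT(*) FROM tblProject WHERE projectStatus = :projectStatus");
$count->execute([':projectStatus' => $_POST['projectStatus'] ?? '']);
echo "Projects with that status: " . (int) $count->fetchColumn() . "\n";
```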
