我有一个很长的UNION,下面只是查询的摘要:
UNION
(
/* Get new contact requests to you */
SELECT r.registered, r.id, u.x_account_username, r.message AS comment, '' AS name, 'new_contact_request' AS type
FROM x_allies r
LEFT JOIN x_user u
ON r.from = u.id
WHERE r.registered BETWEEN '%s' AND '%s' AND r.to = '%s'
)
我一直在使用sprintf函数将正确的值插入查询中。
但是,我遇到了一个问题。
我的sprintf现在看起来像这样。
如何重用sprintf函数中的参数?
$query = sprintf($query, $c, $t, $c, $a, $c, $e, $profile_id, $profile_id, $profile_id, $tryblimp, $now, $profile_id, $c, $tryblimp, $now, $profile_id, $c, $tryblimp, $now, $profile_id, $c, $tryblimp);
I have seen implementations of re-using arguments within PHP, but I can't seem to get it working. Here is what I have found already.
您能帮我找到解决方案吗?
谢谢
最佳答案
将值直接插入到SQL查询字符串中是一种非常糟糕的做法,因为您应该非常小心参数引号。否则,这可能导致SQL注入或仅导致SQL错误。
我建议您使用PDO语句和parameters,如下所示:
$query = 'Select * FROM table WHERE registered BETWEEN :begin AND :end';
$parametersValues = array(':begin' => $bedigDate, ':end' => $endDate);
$statement = $db->prepare($query);
$statement->execute($parametersValues);
$result = $statement->fetchAll();
关于php - 重用Sprintf参数或PHP中的替代方法,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/23657762/