本文介绍了如何在PHP中为动态查询构建参数化的PDO语句?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
很抱歉是否已被问到.我已经看到了有关静态SQL的答案,但是在这种情况下,我想对运行时动态生成的查询字符串使用PDO-> prepare().
Apologies if this has been asked already. I've seen answers regarding static SQLs, but in this case I'd like to use PDO->prepare() for a query string that is built dynamically at runtime.
简单地讲一个例子:
$TempSQL = "SELECT field1, field2, field3 FROM table WHERE ";
if ($numberParams == 1) {
$TempSQL = $TempSQL . " field1 = '$val1' ";
} else {
$TempSQL = $TempSQL . " field2 = '$val2' ";
$TempSQL = $TempSQL . " AND field3 = '$val3' ";
}
db->query($TempSQL);
如何将其重写为db-> prepare()?
How do I rewrite this as a db->prepare()?
我是否也应该动态地构建语句-> execute(array(':param'=> $ var)))?
Should I build the statement->execute(array(':param' => $var))) on the fly as well?
有没有更好/更整洁的方式?
Is there a better / neater way?
推荐答案
也许是这样的. (未试用)
Perhaps something like this. (untested)
$TempSQL = "SELECT field1, field2, field3 FROM table WHERE ";
$args=array();
if ($numberParams == 1) {
$TempSQL = $TempSQL . " field1 = :val1"
$args[':val1']=$val1;
} else {
$TempSQL = $TempSQL . " field2 = :val2 and field3 = :val3";
$args[':val2']=$val2;
$args[':val3']=$val3;
}
$stmt=$db->prepare($TempSQL);
$stmt->execute($args);
这篇关于如何在PHP中为动态查询构建参数化的PDO语句?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!