dougan1465 2014-04-09 16:14
浏览 77
已采纳

PHP PDO有选择地使用bindParam

$pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (?,?,?)");
$pdo->bindParam(1, $id);
$pdo->bindParam(2, $name);
$pdo->bindParam(3, $branch);
$pdo->execute();

So in this example I only need to really use bindParam on $branch because $name and $id have passed through a strict REGEX using preg_replace.

Is there a way to include these sanitised variables in the statement or any other way to shorten this code?

  • 写回答

1条回答 默认 最新

  • douhuiqi3855 2014-04-09 16:25
    关注

    The short way would be:

    $pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (?,?,?)");
$pdo->execute(array($id,$name,$branch));

    if you ever wanted to bind parameters, replace the question marks with placeholders:

    $pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (:id,:name,:branch)");
$pdo->bindParam(':id', $id);
$pdo->bindParam(':name', $name);
$pdo->bindParam(':branch', $branch);
$pdo->execute();
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 python中transformers可以正常下载,但是没有办法使用pipeline
  • ¥50 分布式追踪trace异常问题
  • ¥15 人在外地出差,速帮一点点
  • ¥15 如何使用canvas在图片上进行如下的标注,以下代码不起作用,如何修改
  • ¥15 Windows 系统cmd后提示“加载用户设置时遇到错误”
  • ¥50 vue router 动态路由问题
  • ¥15 关于#.net#的问题:End Function
  • ¥15 无法import pycausal
  • ¥15 weditor无法连接模拟器Local server not started, start with?
  • ¥20 6-3 String类定义