duanreng3439 2015-09-14 16:12
Views: 46
Accepted

PHP - Passing a PDO connection query through a PHP function

So I'm trying to pass a PDO query by using PHP, like this (index.php):

include("dbconn.php");
mysqlConnect("'SELECT * FROM users WHERE name =' . $conn->quote($name))", "jeff");

while my dbconn file that contains the function is (dbconn.php):

function mysqlConnect($queryString, $name) {

    // DB Credentials
    $dbName = 'db';
    $dbUser = 'root';
    $dbPass = '';
    $dbHost = 'localhost';

try {
    $conn = new PDO("mysql:host=$dbHost;dbname=$dbName", $dbUser, $dbPass);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Here goes the first parameter, then it uses the second parameter as a variable
    $data = $conn->query($queryString);
    // So the output should be this:
    // $data = $conn->query('SELECT * FROM myTable WHERE name = ' . $conn->quote($name));

    foreach($data as $row) {
        print_r($row); 
    }
} catch(PDOException $e) {
    echo 'ERROR: ' . $e->getMessage();
}
}

So in my function call, PHP actually executes the $conn->quote($name)) code, making my application not work.

How should I do this? Is this allowed in PHP?

Edit:

Or in other words: I call a function and give it 2 parameters, and one of the parameters (even though it's in double quotes) is executed by PHP, which shouldn't happen. How can I fix this?

1 answer

  • doushang8512 2015-09-14 17:16

    The way you wrote it, it will never work. You just have to learn to distinguish a string literal from executable code.

    Anyways, you don't need such a frankenstein at all. There is already a mechanism to put your variable in the query, called prepared statements. You just have to use them.

    There are other issues with your code too. I've described them all in the article I wrote recently, The only proper guide on PDO, I am sure you will find it interesting - all the issues like wrong error handling, utterly wrong way to connect, lack of prepared statements - all described there. Having all of them solved, here goes the proper function you need:

    function pdo($sql, $data=[]) 
    {
        global $pdo; // you can add a call to your favorite IoC here.
        $stmt = $pdo->prepare($sql);
        $stmt->execute($data);
        return $stmt;
    }
    

    used as

    include("dbconn.php");
    $user = pdo("SELECT * FROM users WHERE name = ?", ["jeff"])->fetch();
    var_dump($user);
    

    This is how PDO has to be used.

    By returning a statement, you'll be able to use all the power of PDO, getting data you need in one line, say a list

    $news = pdo("SELECT * FROM news ORDER BY id DESC")->fetchAll();
    var_dump($news); // already an array
    

    or just a single value

    $count = pdo("SELECT count(*) FROM posts WHERE author=?", [$id])->fetchColumn();
    var_dump($count); // already a number
    

    or simply by iterating results one by one

    $news = pdo("SELECT * FROM news ORDER BY id DESC")->fetchAll();
    foreach ($news as $row) {
        var_dump($row);
    }
    

    and so on.
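
Added example, not part of the original answer: the helper pattern above run against constructed data, next to a query built by splicing the value into the SQL text, to show that a bound value is only ever compared as data. The names `makeConnection`, `runQuery`, `countByConcatenation` and `countByPlaceholder`, the sample rows, and the in-memory SQLite database (used instead of MySQL so the script runs offline) are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: pdo_sqlite is installed; an in-memory SQLite database stands in
// for the MySQL server so the script runs offline.
function makeConnection(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    // Constructed sample rows.
    $pdo->exec("INSERT INTO users (name) VALUES ('jeff'), ('o''brien')");
    return $pdo;
}

// Same shape as the answer's pdo() helper, with the connection passed in
// (hypothetical name runQuery) instead of read from a global.
function runQuery(PDO $pdo, string $sql, array $data = []): PDOStatement
{
    $stmt = $pdo->prepare($sql);   // the SQL text is fixed here
    $stmt->execute($data);         // values travel separately, as data
    return $stmt;
}

// Contrast: the value is spliced into the SQL text without any quoting.
function countByConcatenation(PDO $pdo, string $name): int
{
    $sql = "SELECT count(*) FROM users WHERE name = '" . $name . "'";
    return (int) $pdo->query($sql)->fetchColumn();
}

function countByPlaceholder(PDO $pdo, string $name): int
{
    $sql = 'SELECT count(*) FROM users WHERE name = ?';
    return (int) runQuery($pdo, $sql, [$name])->fetchColumn();
}

$pdo = makeConnection();
// Constructed inputs: a plain name, a name with a quote, and SQL-looking text.
foreach (["jeff", "o'brien", "x' OR '1'='1"] as $name) {
    try {
        $concat = countByConcatenation($pdo, $name);
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    printf("%-14s placeholder=%d concatenation=%s\n", $name, countByPlaceholder($pdo, $name), $concat);
}
```

With placeholders the quote in `o'brien` needs no escaping and the SQL-looking input matches no row; the concatenated form fails with a syntax error on the former and matches every row on the latter.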
