2014-09-24 17:14

Oracle: bind all $_POST


I am using oci_bind_by_name().

oci_bind_by_name($stid, ":post1", $_POST['post1']);
oci_bind_by_name($stid, ":post2", $_POST['post2']);
oci_bind_by_name($stid, ":post3", $_POST['post3']);
oci_bind_by_name($stid, ":post4", $_POST['post4']);

Is it possible to do this dynamically in PHP, for all $_POST keys call oci_bind_by_name() of the same name?

Just to simplify my code, as I have 50 or so calls to oci_bind_by_name().


  • douzhan1238 7 years ago

    It can be simply done with a foreach loop over the $_POST array, using the key as the parameter name:

    // Bind all in a loop:
    foreach ($_POST as $key => $value) {
      oci_bind_by_name($stid, ":$key", $value);
    }

    However, you cannot guarantee that the client has sent you the keys in POST that you actually want. It is important then to check them against an array of keys that are actually valid for use in the prepared statement:

    $valid_keys = array(
      // ...the placeholder names used in the prepared statement
    );

    Then loop over those instead, checking that they were actually sent in the POST before attempting to use them.

    foreach ($valid_keys as $key) {
      if (!isset($_POST[$key])) {
         // ERROR! Needed key was not present in $_POST!
         // Break the loop if you can't execute the statement...
      }
      else {
        oci_bind_by_name($stid, ":$key", $_POST[$key]);
      }
    }

    If you are intending to build the prepared statement's SQL string dynamically, it is especially important to maintain a list of safe parameter names.

  • dotcraq3249 5 years ago

    If you do use a simple foreach loop to bind each variable, do NOT bind to a loop variable $value:

     // Bind all in a loop: but DO NOT use $value
     foreach ($_POST as $key => $value) {
        oci_bind_by_name($stid, ":$key", $_POST[$key]);
     }

    To quote from the manual Example 3 of oci_bind_by_name():

    foreach ($ba as $key => $val) {
       // oci_bind_by_name($stid, $key, $val) does not work
       // because it binds each placeholder to the same location: $val
       // instead use the actual location of the data: $ba[$key]
       oci_bind_by_name($stid, $key, $ba[$key]);
    }
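The two answers combined, as an added example that is not part of the original thread: an allow-list decides which keys get bound, and each bind targets the array element rather than a loop variable. `bind_allowed()` and its `$bind` parameter are hypothetical names, and a constructed stub stands in for `oci_bind_by_name()` so the reference behaviour is visible without a database.

```php
<?php
// bind_allowed() and $bind are hypothetical names for this added example;
// in real use pass 'oci_bind_by_name' as $bind and an OCI8 statement as $stid.
function bind_allowed($stid, array $validKeys, array &$input, callable $bind): array
{
    $missing = [];
    foreach ($validKeys as $key) {
        if (!isset($input[$key])) {
            $missing[] = $key;
        }
    }
    if ($missing) {
        return $missing; // bind nothing; the caller must not execute
    }
    foreach ($validKeys as $key) {
        // Bind the array element itself, never a loop variable: the binder
        // keeps a reference to the variable and reads it at execute time.
        $bind($stid, ":$key", $input[$key]);
    }
    return [];
}

// Constructed stand-in for oci_bind_by_name(): like OCI8, it stores a
// reference to the variable instead of copying its current value.
$bound = [];
$stub = function ($stid, string $name, &$var) use (&$bound): bool {
    $bound[$name] = &$var;
    return true;
};

// Constructed sample request containing one key the statement does not use.
$post = ['post1' => 'a', 'post2' => 'b', 'is_admin' => '1'];

// Allow-listed binding: 'is_admin' is never turned into a placeholder.
var_dump(bind_allowed(null, ['post1', 'post2'], $post, $stub));
print_r($bound);

// A required key that the client did not send is reported, not bound.
var_dump(bind_allowed(null, ['post1', 'post3'], $post, $stub));

// The pitfall from the second answer: binding the loop variable makes
// every placeholder share one reference to $value.
$bound = [];
foreach ($post as $key => $value) {
    $stub(null, ":$key", $value);
}
print_r($bound);
```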