dongtang3155 2014-10-16 06:50

Making a PDO statement from a string

I'm in the process of procedurally making a PDO statement, so far I've got

    $sql = "UPDATE users SET ";
    $values_array = array();
    foreach($non_empty_fields as $key => $value){
        $sql .= $key;
        $sql .= " = :".$key.", ";
        $values_array[':'.$key] = $value;
    }
    $sql = substr($sql, 0, -2);
    $sql .= " WHERE id = :id";
    $values_array[':id'] = $user_id;

    $sth = $this->conn->prepare($sql);
    print_r($non_empty_fields);
    print_r($values_array);
    echo($sql);
    $sth -> execute($values_array);
    $num_affected_rows = $sth -> affected_rows;
    $sth -> close();

and when I run it, I get

    Array
    (
        [gender] => female
        [device_id] => 1213423489ydasxas98y76
    )
    Array
    (
        [:gender] => female
        [:device_id] => 1213423489ydasxas98y76
        [:id] => 35
    )
    UPDATE users SET gender = :gender, device_id = :device_id WHERE id = :id<br />
    <b>Fatal error</b>:  Call to a member function execute() on a non-object in <b>/Sites/api/include/DbHandler.php</b> on line <b>280</b><br />

I suspect it's because I'm not setting the prepared statement properly, so my question is: how do you make a prepared statement from a string?

UPDATE:

call_user_func so the code now looks like:

    $sql = "UPDATE users SET ";
    $values_array = array();
    foreach($non_empty_fields as $key => $value){
        $sql .= $key;
        $sql .= " = ?, ";
        $values_array[] = &$value;
    }
    $sql = substr($sql, 0, -2);
    $sql .= " WHERE id = ?";
    $values_array[] = &$user_id;

    $sth = $this->conn->prepare($sql);
    $params = array_merge(array(str_repeat('s', count($values_array))), array_values($values_array));
    call_user_func_array(array(&$sth, 'bind_param'), $params);
    $sth -> execute();

Now the error I'm getting isn't represented, PDO just doesn't update the table.


1 answer

  • dsigg21445 2014-10-16 08:59

    Oh Mysqli? I thought you said it was PDO. Mysqli doesn't support named markers like :id, you have to use question marks like ?

    This parameter can include one or more parameter markers in the SQL statement by embedding question mark (?) characters at the appropriate positions.

    Reference

    And for PDO you can use either

    Prepares an SQL statement to be executed by the PDOStatement::execute() method. The SQL statement can contain zero or more named (:name) or question mark (?) parameter markers for which real values will be substituted when the statement is executed. You cannot use both named and question mark parameter markers within the same SQL statement; pick one or the other parameter style. Use these parameters to bind any user-input, do not include the user-input directly in the query.

    Manual

    This answer was selected by the asker as the best answer.
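The PDO side of the answer, as an added example that is not part of the original thread or the asker's DbHandler class: a dynamic `UPDATE` built with named markers, where the values are bound and the column names, which cannot be bound and are concatenated in the question's loop, are checked against an allowlist. The helper `buildUserUpdate`, the `UPDATABLE_COLUMNS` list, the in-memory SQLite table and the `is_admin` key are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not the asker's DbHandler code.
// Column names cannot be bound as parameters, so they are checked against a
// fixed allowlist; only the values travel through placeholders.
const UPDATABLE_COLUMNS = ['gender', 'device_id']; // assumed set of editable columns

function buildUserUpdate(array $fields, int $userId): array
{
    $assignments = [];
    $params = [];
    foreach ($fields as $column => $value) {
        if (!in_array($column, UPDATABLE_COLUMNS, true)) {
            throw new InvalidArgumentException("Column not allowed: $column");
        }
        $assignments[] = "$column = :$column";
        $params[":$column"] = $value;
    }
    if ($assignments === []) {
        throw new InvalidArgumentException('No fields to update');
    }
    $params[':id'] = $userId;
    $sql = 'UPDATE users SET ' . implode(', ', $assignments) . ' WHERE id = :id';
    return [$sql, $params];
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
// Make prepare()/execute() throw instead of returning false, so a bad
// statement cannot end in "Call to a member function execute() on a non-object".
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, gender TEXT, device_id TEXT)');
$pdo->exec("INSERT INTO users (id, gender, device_id) VALUES (35, 'male', 'old-device')");

[$sql, $params] = buildUserUpdate(
    ['gender' => 'female', 'device_id' => '1213423489ydasxas98y76'],
    35
);
$sth = $pdo->prepare($sql);
$sth->execute($params);
echo $sql, "\n", 'rows updated: ', $sth->rowCount(), "\n";

// A constructed key that is not an allowed column is rejected before any SQL is built.
try {
    buildUserUpdate(['is_admin' => '1'], 35);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With PDO the bound array is passed straight to `execute()`, so no `bind_param` type string or by-reference array is involved.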