dougan1465 2014-04-09 16:14

PHP PDO: using bindParam selectively

$pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (?,?,?)");
$pdo->bindParam(1, $id);
$pdo->bindParam(2, $name);
$pdo->bindParam(3, $branch);
$pdo->execute();

So in this example I only need to really use bindParam on $branch because $name and $id have passed through a strict REGEX using preg_replace.

Is there a way to include these sanitised variables in the statement or any other way to shorten this code?


1 answer

  • douhuiqi3855 2014-04-09 16:25

    The short way would be:

    $pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (?,?,?)");
    $pdo->execute(array($id,$name,$branch));
    

    If you ever wanted to bind parameters, replace the question marks with placeholders:

    $pdo = $db_con->prepare("INSERT INTO agents (Agent_ID,Agent_Name,Agent_Branch) VALUES (:id,:name,:branch)");
    $pdo->bindParam(':id', $id);
    $pdo->bindParam(':name', $name);
    $pdo->bindParam(':branch', $branch);
    $pdo->execute();
    
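The statement from the answer with all three values bound, including the ones that already passed a regex check, as an added example that is not part of the original post. It assumes the pdo_sqlite driver with an in-memory database; the validation patterns and sample rows are constructed for illustration.

```php
<?php
// Added example. Table and column names come from the question; the SQLite
// in-memory database, validation patterns and sample values are constructed.
$db_con = new PDO('sqlite::memory:');
$db_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db_con->exec('CREATE TABLE agents (Agent_ID INTEGER, Agent_Name TEXT, Agent_Branch TEXT)');

$stmt = $db_con->prepare(
    'INSERT INTO agents (Agent_ID, Agent_Name, Agent_Branch) VALUES (:id, :name, :branch)'
);

// bindParam() binds by reference: the variables are read when execute() runs,
// so one prepared statement can be reused for every row.
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->bindParam(':name', $name, PDO::PARAM_STR);
$stmt->bindParam(':branch', $branch, PDO::PARAM_STR);

$rows = [
    ['17', 'Alice', 'North'],
    ['18', 'Bob', "St. John's'); --"],  // quote and comment marker in free text
    ['19; --', 'Eve', 'South'],         // fails the Agent_ID check below
];

foreach ($rows as [$rawId, $rawName, $rawBranch]) {
    // Validation decides whether input is accepted; it does not replace binding.
    if (!preg_match('/\A\d{1,9}\z/', $rawId)
        || !preg_match('/\A[\p{L} .\'-]{1,64}\z/u', $rawName)) {
        echo 'rejected: ', json_encode([$rawId, $rawName]), PHP_EOL;
        continue;
    }
    $id = (int) $rawId;
    $name = $rawName;
    $branch = $rawBranch;
    $stmt->execute();
}

// Accepted values are stored as data, exactly as they were supplied.
foreach ($db_con->query('SELECT Agent_ID, Agent_Name, Agent_Branch FROM agents') as $row) {
    echo json_encode([$row['Agent_ID'], $row['Agent_Name'], $row['Agent_Branch']]), PHP_EOL;
}
```

Binding the validated values costs nothing extra and keeps the query safe if a validation pattern is later loosened or a code path skips it.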
