drlq92444 2013-07-02 14:14
浏览 30
已采纳

使用WHERE无法搜索使用预准备语句添加的数据

Data that I add inside an SQLite3 db using prapared statements are not searchable with WHERE:

SELECT Active FROM Users WHERE Username="john"

I have a demonstration in PHP that adds data with a prepared and a direct statement and then tries to search for them.

My questions are two:

  1. Why is this happening?
  2. How can I search data that I add through prepared statements?

Here is the PHP script.

<?php

error_reporting(E_ALL);
date_default_timezone_set('Europe/Helsinki');
ini_set('default_charset', 'UTF-8');
mb_internal_encoding("UTF-8");
header('Content-Type: text/html; charset=UTF-8');

$timezone = date('Z');
$db = '';

// ---

//
// adds a user in the db with a prepared statement
//

function add_user1($name, $pass)
{
    global $timezone;
    global $db;

    $time = time();

    try
    {
        $statement = "INSERT INTO Users (Username, Password, Time, Timezone, Active) VALUES     (:Username,:Password,:Time,:Timezone,:Active);";    
        $query = $db->prepare($statement);
        $query->bindValue(':Username', $name, SQLITE3_TEXT);
        $query->bindValue(':Password', $pass, SQLITE3_TEXT);
        $query->bindValue(':Time', $time, SQLITE3_INTEGER);
        $query->bindValue(':Timezone', $timezone, SQLITE3_INTEGER);
        $query->bindValue(':Active', '1', SQLITE3_INTEGER);
        $ok = $query->execute();
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
}

//
// adds a user in the db with a direct execution
//

function add_user2($name, $pass)
{
    global $timezone;
    global $db;

    $time = time();

    try
    {
        $db->exec('INSERT INTO Users (Username, Password, Time, Timezone, Active) VALUES ("' .     $name . '", "' . $pass . '", ' . $time . ', ' . $timezone . ', 1);');
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
}

//
// seeks a password for a given username
//

function seek($user)
{
    global $timezone;
    global $db;

    try
    {
        // previous tests showed that this doesn't work on all cases
        $result = $db->query('SELECT Password FROM Users WHERE Username="'. $user . '"');
        foreach ($result as $row)
        {
            $password = $row['Password'];
            echo "search through SQLite: password for $user is $password
";
        }

        $result = $db->query("SELECT * FROM Users");
        foreach($result as $row)
        {
            $username = $row['Username'];
            $password = $row['Password'];

            if ($username == $user)
            {
                echo " search through array: password for $username is $password";
                break;
            }
        }
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
}

// ---

echo "<pre>
";

try
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
                                                                            $db->exec("CREATE     TABLE     IF     NOT         EXISTS         Users     (Id             INTEGER         PRIMARY     KEY,         Username     TEXT     UNIQUE     NOT NULL, Password TEXT NOT NULL, Time INTEGER UNIQUE NOT NULL, Timezone INTEGER NOT NULL, Active BOOLEAN NOT NULL);");
}
catch(PDOException $exception)
{
    echo $exception->getMessage();
}

add_user1("Bob", "cat");
sleep(1);
add_user1("Mark", "dog");
sleep(1);
add_user2("John", "mouse");
sleep(1);
add_user2("Alice", "rodent");

try
{
    $result = $db->query('SELECT * FROM Users');
    foreach ($result as $row)
    {
        echo "      Id: " . $row['Id'] . "
";
        echo "Username: " . $row['Username'] . "
";
        echo "Password: " . $row['Password'] . "
";
        echo "    Time: " . $row['Time'] . "
";
        echo "Timezone: " . $row['Timezone'] . "
";
        echo "  Active: " . $row['Active'] . "
";
        echo "
";
    }
}
catch(PDOException $exception)
{
    echo $exception->getMessage();
}

seek("Alice");

echo "

";

seek("Mark");


$db = NULL;

?>
  • 写回答

1条回答 默认 最新

  • dpu66046 2013-07-03 14:19
    关注

    Someone told me I should remove the types on the binding. I did and it works :)

    Thanks anyone who read it.

    Here is the full working example.

    <?php
    
    error_reporting(E_ALL);
    date_default_timezone_set('Europe/Helsinki');
    ini_set('default_charset', 'UTF-8');
    mb_internal_encoding("UTF-8");
    header('Content-Type: text/html; charset=UTF-8');
    
    $timezone = date('Z');
    $db = '';
    
    // ---
    
    //
    // adds a user in the db with a prepared statement
    //
    
    function add_user1($name, $pass)
    {
        global $timezone;
        global $db;
    
        $time = time();
    
        try
        {
            $statement = "INSERT INTO Users (Username, Password, Time, Timezone, Active)     VALUES     (:Username,:Password,:Time,:Timezone,:Active);";    
            $query = $db->prepare($statement);
            $query->bindValue(':Username', $name);
            $query->bindValue(':Password', $pass);
            $query->bindValue(':Time', $time);
            $query->bindValue(':Timezone', $timezone);
            $query->bindValue(':Active', '1');
            $ok = $query->execute();
        }
        catch(PDOException $exception)
        {
            echo $exception->getMessage();
        }
    }
    
    //
    // adds a user in the db with a direct execution
    //
    
    function add_user2($name, $pass)
    {
        global $timezone;
        global $db;
    
        $time = time();
    
        try
        {
            $db->exec('INSERT INTO Users (Username, Password, Time, Timezone, Active) VALUES ("'     .     $name . '", "' . $pass . '", ' . $time . ', ' . $timezone . ', 1);');
        }
        catch(PDOException $exception)
        {
            echo $exception->getMessage();
        }
    }
    
    //
    // seeks a password for a given username
    //
    
    function seek($user)
    {
        global $timezone;
        global $db;
    
        try
        {
            // previous tests showed that this doesn't work on all cases
            $result = $db->query('SELECT Password FROM Users WHERE Username="'. $user . '"');
            foreach ($result as $row)
            {
                $password = $row['Password'];
                echo "search through SQLite: password for $user is $password
    ";
            }
    
            $result = $db->query("SELECT * FROM Users");
            foreach($result as $row)
            {
                $username = $row['Username'];
                $password = $row['Password'];
    
                if ($username == $user)
                {
                    echo " search through array: password for $username is $password";
                    break;
                }
            }
        }
        catch(PDOException $exception)
        {
            echo $exception->getMessage();
        }
    }
    
    // ---
    
    echo "<pre>
    ";
    
    try
    {
        $db = new PDO('sqlite::memory:');
        $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
                                                                                                                                                                        $db->exec("CREATE             TABLE                 IF                 NOT                         EXISTS                 Users                 (Id                 INTEGER         PRIMARY     KEY,         Username     TEXT     UNIQUE     NOT NULL, Password TEXT NOT NULL, Time INTEGER UNIQUE NOT NULL, Timezone INTEGER NOT NULL, Active BOOLEAN NOT NULL);");
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
    
    add_user1("Bob", "cat");
    sleep(1);
    add_user1("Mark", "dog");
    sleep(1);
    add_user2("John", "mouse");
    sleep(1);
    add_user2("Alice", "rodent");
    
    try
    {
        $result = $db->query('SELECT * FROM Users');
        foreach ($result as $row)
        {
            echo "      Id: " . $row['Id'] . "
    ";
            echo "Username: " . $row['Username'] . "
    ";
            echo "Password: " . $row['Password'] . "
    ";
            echo "    Time: " . $row['Time'] . "
    ";
            echo "Timezone: " . $row['Timezone'] . "
    ";
            echo "  Active: " . $row['Active'] . "
    ";
            echo "
    ";
        }
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
    
    seek("Alice");
    
    echo "
    
    ";
    
    seek("Mark");
    
    
    $db = NULL;
    
    ?>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 ubuntu系统下挂载磁盘上执行./提示权限不够
  • ¥15 Arcgis相交分析无法绘制一个或多个图形
  • ¥15 seatunnel-web使用SQL组件时候后台报错,无法找到表格
  • ¥15 fpga自动售货机数码管(相关搜索:数字时钟)
  • ¥15 用前端向数据库插入数据,通过debug发现数据能走到后端,但是放行之后就会提示错误
  • ¥30 3天&7天&&15天&销量如何统计同一行
  • ¥30 帮我写一段可以读取LD2450数据并计算距离的Arduino代码
  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题
  • ¥20 云服务Linux系统TCP-MSS值修改?