duanreng3439 2015-09-14 16:12

PHP - Passing a PDO connection query through a PHP function

So I'm trying to pass a PDO query by using PHP, like this (index.php):

include("dbconn.php");
mysqlConnect("'SELECT * FROM users WHERE name =' . $conn->quote($name))", "jeff");

while my dbconn file that contains the function is (dbconn.php):

function mysqlConnect($queryString, $name) {

    // DB Credentials
    $dbName = 'db';
    $dbUser = 'root';
    $dbPass = '';
    $dbHost = 'localhost';

    try {
        $conn = new PDO("mysql:host=$dbHost;dbname=$dbName", $dbUser, $dbPass);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Here goes the first parameter, then it uses the second parameter as a variable
        $data = $conn->query($queryString);
        // So the output should be this:
        // $data = $conn->query('SELECT * FROM myTable WHERE name = ' . $conn->quote($name));

        foreach($data as $row) {
            print_r($row);
        }
    } catch(PDOException $e) {
        echo 'ERROR: ' . $e->getMessage();
    }
}

So in my function call, PHP actually executes the $conn->quote($name)) code, making my application not work.

How should I do this? Is this allowed in PHP?

Edit:

Or in other words: I call a function and give it 2 parameters; one of the parameters (even though it's in double quotes) is executed by PHP, which shouldn't happen. How can I fix this?

1 answer

  • doushang8512 2015-09-14 17:16

    The way you wrote it, it will never work. You just have to learn to distinguish a string literal from executable code.

    Anyways, you don't need such a frankenstein at all. There is already a mechanism to put your variable in the query, called prepared statements. You just have to use them.

    There are other issues with your code too. I've described them all in the article I wrote recently, The only proper guide on PDO, I am sure you will find it interesting - all the issues like wrong error handling, utterly wrong way to connect, lack of prepared statements - all described there. Having all of them solved, here goes the proper function you need:

    function pdo($sql, $data=[]) 
    {
        global $pdo; // you can add a call to your favorite IoC here.
        $stmt = $pdo->prepare($sql);
        $stmt->execute($data);
        return $stmt;
    }
    

    used as

    include("dbconn.php");
    $user = pdo("SELECT * FROM users WHERE name = ?", ["jeff"])->fetch();
    var_dump($user);
    

    This is how PDO has to be used.

    By returning a statement, you'll be able to use all the power of PDO, getting data you need in one line, say a list

    $news = pdo("SELECT * FROM news ORDER BY id DESC")->fetchAll();
    var_dump($news); // already an array
    

    or just a single value

    $count = pdo("SELECT count(*) FROM posts WHERE author=?", [$id])->fetchColumn();
    var_dump($count); // already a number
    

    or simply by iterating results one by one

    $news = pdo("SELECT * FROM news ORDER BY id DESC")->fetchAll();
    foreach ($news as $row) {
        var_dump($row);
    }
    

    and so on.

    This answer was selected as the best answer by the asker.
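
The accepted answer's approach as a runnable sketch (an added example, not code from the original answer). Assumptions: an in-memory SQLite database stands in for the page's MySQL server, the connection is passed as an argument instead of read from `global`, and the `users` rows and input values are constructed.

```php
<?php
// Added example. Requires the pdo_sqlite extension; all data is constructed.

// Same shape as the answer's pdo() helper, with the connection passed in.
function pdo(PDO $conn, string $sql, array $data = []): PDOStatement
{
    $stmt = $conn->prepare($sql);  // the SQL text carries only ? placeholders
    $stmt->execute($data);         // values are bound as data, never parsed as SQL
    return $stmt;
}

// Builds a throwaway database with two sample users.
function demoConnection(): PDO
{
    $conn = new PDO('sqlite::memory:');
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    $conn->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    pdo($conn, 'INSERT INTO users (name) VALUES (?), (?)', ['jeff', "o'brien"]);
    return $conn;
}

$conn = demoConnection();

// Constructed inputs: a plain name, a name containing a quote character,
// and a value shaped like SQL. The query string is identical for all three;
// only the bound value changes, so none of them can alter the statement.
$inputs = ['jeff', "o'brien", "jeff' OR '1'='1"];
foreach ($inputs as $name) {
    $rows = pdo($conn, 'SELECT id, name FROM users WHERE name = ?', [$name])->fetchAll();
    printf("%-18s -> %d row(s)\n", $name, count($rows));
}

// The returned statement also serves single-value queries, as in the answer.
$total = pdo($conn, 'SELECT count(*) FROM users')->fetchColumn();
printf("total users: %d\n", $total);
```

The first two inputs each match their own row; the third matches nothing, because the whole value is compared against `name` as a single string.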
