問題描述

我想使用一個準備好的語句，其中傳入的參數用于 ORDER BY 和 LIMIT 子句，如下所示:

I want to use a prepared statement in which the passed-in parameters are for the ORDER BY and LIMIT clauses, like so:

$sql = 'SELECT * FROM table ORDER BY :sort :dir LIMIT :start, :results';
$stmt = $dbh->prepare($sql);
$stmt->execute(array(
     'sort'  => $_GET['sort'], 
     'dir'  => $_GET['dir'], 
     'start'  => $_GET['start'],
     'results' => $_GET['results'],
     )
    );

但是 $stmt->fetchAll(PDO::FETCH_ASSOC); 什么都不返回.

But $stmt->fetchAll(PDO::FETCH_ASSOC); returns nothing.

有人能指出我做錯了什么嗎?可以做到嗎?如果沒有，我應該參考哪些可以使用參數的子句的完整列表?

Can someone point out what's the wrong thing I am doing? Can it be done? If not,what should I reference for a complete list of clauses where parameters can be used?

推薦答案

使用后:

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

我收到了消息:

未捕獲的異常 'PDOException' 與消息SQLSTATE[42000]:語法錯誤或訪問沖突:1064 你有一個SQL 語法錯誤；檢查與您的 MySQL 相對應的手冊正確語法的服務器版本在第 1 行的0"、10"附近使用

Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0', '10'' at line 1

因此，當您使用數組進行執行時，它會將您的輸入視為字符串，這對于 LIMIT 來說不是一個好主意

So, when you use an array for execute, it consider your inputs as string which is not a good idea for LIMIT

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT * FROM table ORDER BY :sort :dir LIMIT :start, :results";
$stmt = $dbh->prepare($sql);
$stmt->bindParam(':start', $_GET['start'], PDO::PARAM_INT);
$stmt->bindParam(':results', $_GET['results'], PDO::PARAM_INT);
$stmt->bindParam(':sort', $_GET['sort']);
$stmt->bindParam(':dir', $_GET['dir']);
$stmt->execute();

$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
print_r($data);

這篇關于如何將 pdo 的準備好的語句用于 order by 和 limit 子句?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！