如何在 PHP 中绑定 SQL 变量?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1860130/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to bind SQL variables in PHP?
提问by Robert Gould
I want to bind variables instead of just building SQL strings. Anyway to do this in Php?
我想绑定变量而不是仅仅构建 SQL 字符串。无论如何要在 PHP 中做到这一点?
Either MySQL or PostgreSQL answers would help.
MySQL 或 PostgreSQL 的答案都会有所帮助。
Thanks
谢谢
回答by VolkerK
There's e.g. PDO.
An introduction to pdo and prepared statements (including bound parameters) is located at http://docs.php.net/pdo.prepared-statements
有例如PDO。
有关 pdo 和准备好的语句(包括绑定参数)的介绍位于http://docs.php.net/pdo.prepared-statements
回答by sp.
You should read on the MySQL Improved Extension (MySQLi) at http://php.net/manual/en/book.mysqli.php, and on prepared statements
您应该阅读http://php.net/manual/en/book.mysqli.php上的 MySQL 改进扩展 (MySQLi)和准备好的语句
回答by Milen A. Radev
For Postgresspecifically - pg_query_params(and pg_send_query_params) is the most primitive form of binding but still very useful.
特别是对于Postgres- pg_query_params(和pg_send_query_params) 是最原始的绑定形式,但仍然非常有用。
And then there's PDO but the others already mentioned it.
然后是 PDO,但其他人已经提到了它。
回答by Corey Ballou
There are a couple of flavors. I believe the more savvy individuals here will push for you to use PDO prepared statements. There is also a sprintf() version.
有几种口味。我相信这里更精明的人会推动您使用 PDO 准备好的语句。还有一个 sprintf() 版本。
PDO
PDO
An answer has already been discussed on StackOverflow here.
这里已经在 StackOverflow 上讨论了一个答案。
SPRINTF
冲刺特遣队
$sql = sprintf('SELECT * FROM table WHERE id = %d AND field = %s',
$id,
mysql_real_escape_string($value));
