php 大括号 {} 在 SQL 查询中有什么作用?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9104684/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
what does curly brackets {} do in a SQL query?
提问by Average Joe
For example, check this following query;
例如,检查以下查询;
$query = "SELECT * FROM users WHERE user='{$_POST['username']}';
What's the use?
什么用途?
In string contexts, I do understand the problem it solves.
I can do stuff like
$animal = "cat"
echo "{$animal}s." // outputs cats
在字符串上下文中,我确实理解它解决的问题。
我可以做一些类似 $animal = "cat" echo "{$animal}s." 的事情。// 输出猫
but in the SQL I posted above, I just don't get it. Wouldn't the following be equally good?
但是在我上面发布的 SQL 中,我只是不明白。以下不是同样好的吗?
$query = "SELECT * FROM users WHERE user='$_POST['username']' AND password='$_POST['password']'";
So, Where does using the { and } get handy? Appreciate any example in SQL context?
那么,在哪里使用 { 和 } 会很方便?欣赏 SQL 上下文中的任何示例?
回答by mario
See http://www.php.net/manual/de/language.types.string.php#language.types.string.parsingfor the double quote string syntax.
有关双引号字符串语法,请参阅http://www.php.net/manual/de/language.types.string.php#language.types.string.parsing。
The curly braces are for complex variable expressions. They are interpreted by PHP, not by the SQL interface.
花括号用于复杂的变量表达式。它们由 PHP 解释,而不是由 SQL 接口解释。
$query = "SELECT * FROM users WHERE user='$_POST['username']' AND password='$_POST['password']'";
The above will lead to an parsing error. Without curly braces you have to write:
以上会导致解析错误。没有花括号,你必须写:
$query = "SELECT * FROM users WHERE user='$_POST[username]' AND password='$_POST[password]'";
Note the lack of key quotes. This only works for a simple array access, and for a simple object property expression. For anything more complex, use the curly braces.
请注意缺少关键引号。这仅适用于简单的数组访问和简单的对象属性表达式。对于更复杂的事情,请使用花括号。
Now that you know that, do a pinky swear that you won't ever do so. Because interpolating user input directly there is not a good idea. http://bobby-tables.com/
既然你知道了,就发誓你永远不会这样做。因为直接插入用户输入不是一个好主意。http://bobby-tables.com/
Do yourself a favour and use PDO withprepared statements. Somuch easier.
帮自己一个忙,将PDO与准备好的语句一起使用。所以,要容易得多。
But to give an example for a more complex curly string syntax, this is what I'd do:
但是举一个更复杂的卷曲字符串语法的例子,这就是我要做的:
$query = "SELECT * FROM users WHERE user={$_POST->id->sql['username']}";
(Does some inline filtering and quoting. Just as example, does not work with default PHP setups.)
(进行一些内联过滤和引用。例如,不适用于默认的 PHP 设置。)
回答by Andreas Helgegren
PHP can not convert a dictionary item directly in a string. You have to do like this:
PHP 不能直接在字符串中转换字典项。你必须这样做:
query = "SELECT * FROM users WHERE user='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'";
the curlybrackets is a other way to write this without concating strings like my example
花括号是另一种写法,而不像我的例子那样连接字符串
