PHP 内爆但用引号包裹每个元素
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10490860/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP Implode But Wrap Each Element In Quotes
提问by Justin
Assume I have an array:
假设我有一个数组:
$elements = array('foo', 'bar', 'tar', 'dar');
Then I want to build up a DELETE INSQL query:
然后我想建立一个DELETE INSQL 查询:
$SQL = "DELETE FROM elements
WHERE id IN ('" . implode(',', $elements) . "')";
The problem is that the ids in the elements array aren't quoted each individually. I.E the query looks like:
问题是元素数组中的 id 没有单独引用。IE 查询看起来像:
$SQL = "DELETE FROM elements
WHERE id IN ('foo,bar,tar,dar');
What's the best, most elegants way to fix this?
解决此问题的最佳,最优雅的方法是什么?
回答by nickb
Add the quotes into the implodecall: (I'm assuming you meant implode)
将引号添加到implode通话中:(我假设您的意思是implode)
$SQL = 'DELETE FROM elements
WHERE id IN ("' . implode('", "', $elements) . '")';
This produces:
这产生:
DELETE FROM elements WHERE id IN ("foo", "bar", "tar", "dar")
The best way to prevent against SQL injection is to make sure your elements are properly escaped.
防止 SQL 注入的最佳方法是确保您的元素被正确转义。
An easy thing to do that should work (but I haven't tested it) is to use either array_mapor array_walk, and escape every parameter, like so:
一个简单的方法应该可行(但我还没有测试过)是使用array_mapor array_walk,并转义每个参数,如下所示:
$elements = array();
$elements = array_map( 'mysql_real_escape_string', $elements);
回答by insign
You can use array_walkto iterate all the elements in side the array passing the reference to the element and add the quotes in the following way.
您可以使用array_walk迭代数组中的所有元素,传递对元素的引用,并按以下方式添加引号。
<?php
$arr = ['a','b','c'];
array_walk($arr, function(&$x) {$x = "'$x'";});
echo implode(',', $arr); // 'a','b','c'
?>
回答by ssharp_wp
You can run a simple array_map() function to wrap the strings in quotes and then wrap that around the implode() to add the commas:
您可以运行一个简单的 array_map() 函数将字符串括在引号中,然后将其包裹在 implode() 周围以添加逗号:
$array = ["one", "two", "three", "four"];
implode(",", array_map(function($string) {
return '"' . $string . '"';
}, $array));
回答by Azam Alvi
You can do like this as well
你也可以这样做
$elements = array('foo', 'bar', 'tar', 'dar');
$data = '"' . implode('", "', $elements) . '"';
echo $data; // "foo", "bar", "tar", "dar"
回答by n00bsauce
I just want to note that the top answer won't fully work. You will have a missing element at the end of your implode.
我只想指出,最重要的答案不会完全奏效。内爆结束时您将缺少一个元素。
So instead of:
所以而不是:
DELETE FROM elements WHERE id IN ("foo", "bar", "tar", "dar")
You will get:
你会得到:
DELETE FROM elements WHERE id IN ("foo", "bar", "tar", "dar)
Notice that the end element "dar is now missing a quote.
请注意,结束元素 "dar 现在缺少引号。
回答by techdude
Just to add to the top answer a bit here, even if you are using MySQLi it is possible to call real_escape_string using array_map by using the object method callableform. Here is an example, assuming $connis your MySQLi connection:
只是在这里补充一点,即使您使用的是 MySQLi,也可以使用对象方法callable形式使用 array_map 调用 real_escape_string 。这是一个示例,假设$conn是您的 MySQLi 连接:
$elements = array('foo', 'bar', 'tar', 'dar');
$cleanedElements = array_map([$conn, 'real_escape_string'], $ids);
$SQL = 'DELETE FROM elements WHERE id IN ("' . implode('", "', $elements) . '")';
Note that the first parameter of array_map is an array with the object followed by the method name. This is the same as executing the following for each item in the array:
请注意,array_map 的第一个参数是一个数组,对象后跟方法名称。这与对数组中的每个项目执行以下操作相同:
$newItem = $conn->real_escape_string($item);
