Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > 关于pdo引用传参,字段是不是不能当成参数传入?

关于pdo引用传参,字段是不是不能当成参数传入?

WBOY
Release: 2016-06-23 13:49:55
Original
1227 people have browsed it

$pdo= new PDO ( 'mysql:host=localhost;dbname=test;', 'root', '123456', array (		PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'",		PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION) );$stmt=$pdo->prepare('select ? from tianya_post where id=1');$stmt->bindValue(1, 'title');$stmt->execute();print_r($stmt->fetch());
Copy after login


第一行记录的标题是:“我和嫂子的那些事儿”
但,列位看官,猜下结果是什么?
Array
(
    [title] => title
    [0] => title
)

为什么会这样?
如果用
select title from tianya_post where id=?
$stmt->bindValue(1, 1);
可以得到正确的标题的。


回复讨论(解决方案)

字段列表不是参数!

http://blog.csdn.net/fdipzone/article/details/22330345

需要注意的是以下几种情况,PDO并不能帮助你防范SQL注入。
不能让占位符 ? 代替一组值,这样只会获取到这组数据的第一个值,如:
select * from table where userid in ( ? );  
如果要用in?查找,可以改用find_in_set()实现
$ids = '1,2,3,4,5,6';  
select * from table where find_in_set(userid, ?);  

不能让占位符代替数据表名或列名,如:
select * from table order by ?;  

不能让占位符 ? 代替任何其他SQL语法,如:
select extract( ? from addtime) as mytime from table; 

Related labels:
parameter Field Quote
source:php.cn
Previous article:PHP实现对mysql数据库内容分页显示 Next article:刚刚在phpmyadmin 添加了几个索引,现在删除不了了,咋办?
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
PHP arrays obtained from URL parameters do not behave as expected I have a URL parameter that contains the category ID and I want to treat it as an array li...
From 2024-04-06 22:09:02
0
1
1428
Move the content to the left by adding the Width property I have provided margins to the body. main {left margin: 200px; right margin: 200px; text a...
From 2024-04-06 22:01:35
0
3
816
Where should I place CustomLog directive in apache I'm using php:7.2-apachedocker. I need to disable health check url login access log. Based...
From 2024-04-06 22:03:59
0
1
990
The page suddenly cannot pull css or bootstrap So I'm developing a page, I did part of it yesterday and it worked great, and today I cont...
From 2024-04-06 21:58:04
0
1
800
Dynamically modify inline CSS styles in Javafx I'm trying to change the background image of a pane when the application is maximized. My ...
From 2024-04-06 20:57:16
0
1
487
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template