How to implement php pdo parameterized query

藏色散人
Release: 2023-03-12 19:16:02

In PHP, you can use the prepare() method to perform PDO parameterized queries. This method returns a PDOStatement object, using syntax such as "prepare('SELECT login_oid FROM logined WHERE user_id=...".


The operating environment of this article: Windows 7 system, PHP7.1, Dell G3 computer.

How to implement php pdo parameterized query?

PDO parameterized queries with prepare(): preventing SQL injection in PHP

Parameterized queries in PDO are built around the prepare() method, which returns a PDOStatement object representing a prepared statement. At this point the SQL statement has only been compiled, not executed. The statement runs when execute() is called on the PDOStatement, as in the following example:

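// Compile the statement with a named placeholder; nothing is executed yet.
$sm = $db->prepare('SELECT login_oid FROM logined WHERE user_id=:user_id;');
// Bind the value separately from the SQL text, as an integer.
$sm->bindValue(':user_id', $user_id, PDO::PARAM_INT);
$sm->execute();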

Before calling execute(), you can call bindValue() or bindParam() to supply values for the parameters in the prepared SQL statement. Parameters can be written in the SQL statement in two ways: ':name' and '?'. The code above uses the former. The latter looks like this:

$sm = $db->prepare('SELECT * FROM fruit WHERE calories < ?;');
// Positional placeholders are numbered from 1.
$sm->bindValue(1, $calories, PDO::PARAM_INT);
$sm->execute();

bindValue() has three parameters. The first specifies which parameter in the SQL statement is to be replaced, the second specifies the value to substitute, and the third specifies the type of that value. The available types are:

PDO::PARAM_BOOL: Boolean type
PDO::PARAM_NULL: NULL type
PDO::PARAM_INT: Integer type
PDO::PARAM_STR: String type such as CHAR, VARCHAR, string
PDO::PARAM_LOB: Large objects handled as resources, such as files
PDO::PARAM_STMT: A recordset type; the PHP manual notes that no driver currently supports it
PDO::PARAM_INPUT_OUTPUT: Not a data type but a flag marking the parameter as an INOUT parameter of a stored procedure; it is combined with one of the types above using bitwise OR

No real number type is provided, which is very surprising.

Now for the execute() method. It can also do parameter substitution, but it treats all values as strings, as follows:

$sm = $db->prepare('SELECT * FROM fruit WHERE calories < ?;');
$sm->execute(array($calories));

Multi-parameter substitution is as follows:

$sm = $db->prepare('SELECT * FROM fruit WHERE calories < ? AND id < ?;');
$sm->execute(array($calories, $user_id));
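
As an added example (not code from the original article), the script below contrasts a query built by string concatenation with the prepare()/bindValue() form described above, and shows the type difference between bindValue() with PDO::PARAM_INT and execute(array(...)). It assumes the pdo_sqlite extension and an in-memory database; the fruit rows, the $input string and the function names are constructed for illustration.

```php
<?php
// Added example, not from the original article. Assumes the pdo_sqlite
// extension; the fruit rows and the hostile $input are constructed samples.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE fruit (id INTEGER PRIMARY KEY, name TEXT, calories INTEGER)');
$db->exec("INSERT INTO fruit (name, calories) VALUES ('apple', 95), ('banana', 105), ('lime', 20)");

$input = "lime' OR '1'='1"; // constructed input containing a quote and extra SQL

// Before: the input is pasted into the SQL text, so its quote ends the string
// literal and the remainder is parsed as part of the WHERE clause.
function findByNameConcatenated(PDO $db, string $name): array
{
    return $db->query("SELECT name FROM fruit WHERE name = '$name'")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed at prepare() time and the input travels
// separately as a bound value, so it is only ever compared as a string.
function findByNamePrepared(PDO $db, string $name): array
{
    $sm = $db->prepare('SELECT name FROM fruit WHERE name = :name');
    $sm->bindValue(':name', $name, PDO::PARAM_STR);
    $sm->execute();
    return $sm->fetchAll(PDO::FETCH_COLUMN);
}

// Reports the storage type SQLite sees for a bound value, to compare
// bindValue(..., PDO::PARAM_INT) with execute(array(...)).
function boundType(PDO $db, int $value, bool $viaExecuteArray): string
{
    $sm = $db->prepare('SELECT typeof(?)');
    if ($viaExecuteArray) {
        $sm->execute(array($value));
    } else {
        $sm->bindValue(1, $value, PDO::PARAM_INT);
        $sm->execute();
    }
    return (string) $sm->fetchColumn();
}

echo 'concatenated, hostile input: ', implode(', ', findByNameConcatenated($db, $input)), PHP_EOL;
echo 'prepared, hostile input:     ', implode(', ', findByNamePrepared($db, $input)), PHP_EOL;
echo 'prepared, normal input:      ', implode(', ', findByNamePrepared($db, 'lime')), PHP_EOL;
echo 'type via bindValue INT:      ', boundType($db, 100, false), PHP_EOL;
echo 'type via execute(array):     ', boundType($db, 100, true), PHP_EOL;
```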
source:php.cn