How define the variable type in PDOStatement::bindValue()?

别说谁变了你拦得住时间么 提交于 2019-12-03 17:48:01

问题


The PDOStatement::bindValue() method offers a way to specify the type of the variable bound:

PDOStatement::bindValue ( $parameter , $value [, $data_type = PDO::PARAM_STR ] )

I'm wondering, what's the purpose of specifying the data type, whereas when leaved as default (PARAM_STR) eventually the database will anyway cast the value to the proper type before using it?

For example, if you have these queries over an INTEGER field:

INSERT INTO table (integerField) VALUES (?) ;
SELECT * FROM table WHERE integerField = ?  ;

And you bind an integer in PHP, PDO will by default bind it as a string, which is equivalent as:

INSERT INTO table (integerField) VALUES ("1") ;
SELECT * FROM table WHERE integerField = "1"  ;

That will work flawlessly, because the SQL database (at least MySQL, I'm not really aware of how that would work on other RDBMS) knows how to convert the string back to an integer before using it.

What are the use cases where it would make a difference to bound typed parameters vs strings?


回答1:


I'm no PDO-expert, but I can think of a few scenarioes where the data_type parameter is both useful and even needed.

Output parameters

When you define output or input/output parameters, you must provide both type and length of the expected output parameter.

Ref: http://www.php.net/manual/en/pdo.prepared-statements.php

Example #4

$stmt = $dbh->prepare("CALL sp_returns_string(?)");
$stmt->bindParam(1, $return_value, PDO::PARAM_STR, 4000); 

Example #5

$stmt = $dbh->prepare("CALL sp_takes_string_returns_string(?)");
$value = 'hello';
$stmt->bindParam(1, $value, PDO::PARAM_STR|PDO::PARAM_INPUT_OUTPUT, 4000); 

DBMs without implicit casting

Explained in another answer to this question...

When parameter is not bound to castable data

Even databases with casting abilities will not always be able to cast you variable correctly.

Ref: Reasons to strongly type parameters in PDO?

$limit = 1;

$dbh->prepare("SELECT * FROM items LIMIT :limit");
$dbh->bindParam(":limit", $limit, PDO::PARAM_STR); 
// Will throw "You have an error in your SQL syntax..."



回答2:


That's mainly for interacting with databases that require correct typing. For example, if you enable strict mode in MySQL, you will get errors (failed queries) instead of warnings when there are type mismatches.

By default, MySQL does its best to convert data properly. But if you have ever seen 0000-00-00 in a date field, that is very likely the result of mysql trying to convert a string to a date and failing. In strict mode, the query would fail instead of trying to convert and using whatever the result is.




回答3:


The data type parameter to PDOStatement::bindValue() isn't terribly useful. Essentially:

  • If you tell it PDO::PARAM_STR, it converts your value into a string.
  • If you tell it PDO::PARAM_INT and you pass a boolean, it converts it into a long.
  • If you tell it PDO::PARAM_BOOL and you pass it a long, it converts it into a boolean.

Nothing else seems to be converted. See here for a quick look at the source code and a little better explanation. Perhaps most importantly, PDO will not throw an exception or produce an error if you pass data with a type that doesn't match the data type you passed.



来源:https://stackoverflow.com/questions/7326720/how-define-the-variable-type-in-pdostatementbindvalue

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!