问题
I want to bind variables instead of just building SQL strings. Anyway to do this in Php?
Either MySQL or PostgreSQL answers would help.
Thanks
回答1:
There's e.g. PDO.
An introduction to pdo and prepared statements (including bound parameters) is located at http://docs.php.net/pdo.prepared-statements
回答2:
You should read on the MySQL Improved Extension (MySQLi) at http://php.net/manual/en/book.mysqli.php , and on prepared statements
回答3:
For Postgres specifically - pg_query_params (and pg_send_query_params) is the most primitive form of binding but still very useful.
And then there's PDO but the others already mentioned it.
回答4:
There are a couple of flavors. I believe the more savvy individuals here will push for you to use PDO prepared statements. There is also a sprintf() version.
PDO
An answer has already been discussed on StackOverflow here.
SPRINTF
$sql = sprintf('SELECT * FROM table WHERE id = %d AND field = %s',
$id,
mysql_real_escape_string($value));
来源:https://stackoverflow.com/questions/1860130/how-to-bind-sql-variables-in-php