-1
我無法弄清楚我的讀取方法(使用PDO的動態準備語句)出了什麼問題。 有人能指引我正確的方向嗎?我不認爲我在使用任何保留的SQL字詞。也許我錯過了引號或某處?我是PDO的新手。SQLSTATE [42000]:語法錯誤或訪問衝突:1064您的SQL語法中有錯誤
這是讀法:
public function read($select_col, $table_name, $where, $where_condition=null, $where_compare=null, $other=null){
//This method will return false if the # of where key-value pairs don't match up with the # of $where_condition items.
//If it works, it will return a 1-dimensional array if only one row is found. If more than one row, then it will be a 2D array.
// It will return an associative array.
//$select_col can be an array or a variable (words or just "*")
//$table_name is just $table_name (most likely the $table_name var given by object)
//$where is an associative array with keys as column names and values as the value for the test.
// Code below will add ":" in front of key to make it a named parameter.
//$where_condition allows user to create other where conditions (ie. "<" or ">". It can be a single variable or an array)
//$other would be room for other stuff like "ASC LIMIT 1"
$errors = array();
$sql = '"SELECT ';
//if $select_col is an array, then put commas after each item except for the last one
if(is_array($select_col)){
$s_count = count($select_col);
for($s=0; $s<$s_count; $s++){
$sql .= $select_col[$s];
if($s<($s_count-1)){
$sql .= ", ";
}
}
} else{
$sql .= $select_col;
}
$sql .= " FROM " . $table_name;
//if $where values are given, then add them to sql. Named parameters are generated from the keys by adding ":" in front of each key
if(!empty($where)){
$w_count = count($where);
//if there are $where_condition values, then make sure they match up to the number of $where key-value sets.
//If they don't match up, then return false and stop.
if(!empty($where_compare)){
$wc_count = count($where_compare);
if($w_count!=$wc_count){
return false;
$exit();
}
}
$sql .= " WHERE ";
for($w=0; $w<$w_count; $w++){
$sql .= key($where);
if(!empty($where_compare)){
$sql .= " " . $where_compare[$w] . " ";
} else{
$sql .= " = ";
}
$sql .= "':" . key($where) . "'";
next($where);
if($w<($w_count-1)){
if(empty($where_condition)){
$errors[] = "WHERE condition(s) is/are missing (ie. AND, OR)";
} else{
$sql .= " " . $where_condition[$w] . " ";
}
}
}
}
//At this point, $where keys and named parameters are set up or it just skipped where section because there are no where values
if(!empty($other)){
$sql .= " " . $other;
}
$sql .= '"';
$stmt = $this->dbc->prepare($sql);
if(!$stmt){
$errors[] = "Failed to prepare query. " . $this->dbc->errorInfo();
}
foreach ($where as $key => $value) {
$named_param = "':" . $key . "'";
if(is_numeric($value)){
$type = "PDO::PARAM_INT";
} else{
$type = "PDO::PARAM_STR";
}
$stmt->bindValue($named_param, $value, $type);
}
$execute = $stmt->execute();
if(!$execute){
$errors[] = "Query failed to execute. " . $this->dbc->errorInfo();
}
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
//if just one row is returned, it returns a one-dimensional array. If more than one row, then it is a two-dimensional array.
if(!empty($errors)){
return $errors;
} else{
return $result;
}
}
這是一個使用read方法的驗證方法:
public static function authenticate($username="", $pw=""){
global $db;
$hashed_pw = self::encrypt_pw($username, $pw);
$where = array('username' => $username, 'pw' => $hashed_pw);
$where_condition = array("AND");
$id = $db->read("user_id", "users", $where, $where_condition);
if(is_numeric($id) AND $id!=0){
return true;
} else{
return false;
}
}
不是「PDO :: PARAM_INT」;一個整數,而你傳遞這個字符串。嘗試將其更改爲int,然後查看是否可行 – Satya
代碼已設置爲如果它是數字,則它將是PDO :: PARAM_INT否則它將是PDO :: PARAM_STR。無論如何,我嘗試過,但沒有奏效。實際上,我將這一部分放在代碼中,看看它是否解決了問題,以便在爲PDO :: PARAM_INT/PDO :: PARAM_STR添加條件之前存在問題。感謝您的建議,但 –