2010-02-06 68 views
2
$dml = "insert into bookmark(accountId,category,url,hash,title,created) value($_SESSION[accountId],$_POST[category],'$_POST[url]',md5('$_POST[url]'),'$_POST[title]',now())"; 

mysql_query($dml,$con); 

How do I execute this statement using a prepared statement in PDO? How do I change from mysql to PDO using prepared statements in PHP?

+0

If you want "prepared statements", you have to ask for "prepared statements" ... – 2010-02-06 03:47:35

+0

As it happens, PDO is able to perform complete statements just as well as prepared statements. – 2010-02-06 03:48:41

+0

True, but I chose PDO mainly for prepared statements – user198729 2010-02-06 03:49:47

Answers

2
 
$dml = "INSERT INTO bookmark (accountId, category, url, hash, title, created) " 
    . "VALUES (:accountId, :category, :url, MD5(:url), :title, NOW())"; 
$statement = $pdo->prepare($dml); 
$parameters = array(
    ":accountId" => $_SESSION["accountId"], 
    ":category" => $_POST["category"], 
    ":url" => $_POST["url"], 
    ":title" => $_POST["title"]); 
$statement->execute($parameters); 
+0

It will automatically quote strings, right? – user198729 2010-02-06 04:14:15

+0

PDO will handle escaping and quoting as needed. – acrosman 2010-02-06 04:27:58

+0

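@user198729: Quoting is only needed when the underlying driver has to emulate prepared statements. In general, values are sent separately from the statement, so there is no confusion between where a value ends and where the rest of the statement begins. – outis 2010-02-06 04:31:21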

2
$dml = $db->prepare("INSERT INTO bookmark (accountId, category, url, hash, title, created) VALUES (:account_id, :category, :url, MD5(:url), :title, NOW());"); 

$dml->bindParam(':account_id', $_SESSION['accountId']); 
$dml->bindParam(':category', $_POST['category']); 
$dml->bindParam(':url', $_POST['url']); 
$dml->bindParam(':title', $_POST['title']); 

$dml->execute();
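
The conversion discussed in the answers above, as an added example that is not part of the original question or answers: it validates the numeric fields, binds every value with an explicit type, and reads the row back to confirm that quote characters in the input were stored as data. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the table layout is inferred from the INSERT on this page, the hash and timestamp are computed in PHP instead of with MD5() and NOW(), and the addBookmark helper and sample input are hypothetical.

```php
<?php
// Added example, not code from the original page.
// Assumption: SQLite in memory replaces MySQL so this runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so that values are
// sent separately from the statement text instead of being quoted client-side.
$pdo->exec('CREATE TABLE bookmark (
    accountId INTEGER NOT NULL, category INTEGER NOT NULL,
    url TEXT NOT NULL, hash TEXT NOT NULL,
    title TEXT NOT NULL, created TEXT NOT NULL)');

// Hypothetical helper: one prepared INSERT, every value bound with a type.
function addBookmark(PDO $pdo, int $accountId, int $category,
                     string $url, string $title): void
{
    // Each named placeholder appears once: PDO does not allow reusing a
    // named marker (such as :url) when prepared statements are not emulated.
    $stmt = $pdo->prepare(
        'INSERT INTO bookmark (accountId, category, url, hash, title, created)
         VALUES (:accountId, :category, :url, :hash, :title, :created)');
    $stmt->bindValue(':accountId', $accountId, PDO::PARAM_INT);
    $stmt->bindValue(':category', $category, PDO::PARAM_INT);
    $stmt->bindValue(':url', $url, PDO::PARAM_STR);
    $stmt->bindValue(':hash', md5($url), PDO::PARAM_STR);
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':created', date('Y-m-d H:i:s'), PDO::PARAM_STR);
    $stmt->execute();
}

// Constructed input standing in for $_SESSION and $_POST.
$session = ['accountId' => 7];
$post = ['category' => '3', 'url' => 'http://example.com/?a=1&b=2',
         'title' => 'Bob\'s "best" links; -- notes'];

// The original query interpolated category unquoted, so require an integer.
$category = filter_var($post['category'], FILTER_VALIDATE_INT);
if ($category === false) {
    throw new InvalidArgumentException('category must be an integer');
}
addBookmark($pdo, (int) $session['accountId'], $category,
            $post['url'], $post['title']);

// Read the row back: the title must match the input byte for byte.
$row = $pdo->query('SELECT title, hash FROM bookmark')->fetch(PDO::FETCH_ASSOC);
if ($row['title'] !== $post['title'] || $row['hash'] !== md5($post['url'])) {
    throw new RuntimeException('stored row does not match the input');
}
echo "stored title: {$row['title']}\n";
```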