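I've also run into this warning, which I've never seen before: PDO: Invalid parameter number: mixed named and positional parameters
Warning: PDOStatement::execute() [pdostatement.execute]: SQLSTATE[HY093]: Invalid parameter number: mixed named and positional parameters in...
Referring to the following PDO query (the function has been simplified for ease of reading):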
    $offset = 0;
    $limit = 12;

    function retrieve_search_posts($searchfield, $offset, $limit){

        $where = array();

        // Split the search string into words on whitespace.
        $words = preg_split('/[\s]+/',$searchfield);

        // Shift the keys so they start at 1: positional parameters are 1-indexed.
        array_unshift($words, '');
        unset($words[0]);

        // One positional "?" placeholder per search word.
        $where_string = implode(" OR ", array_fill(0,count($words), "`post_title` LIKE ?"));

        // Note: the "?" placeholders above are mixed with the named
        // :offset and :limit placeholders below.
        $query = "
            SELECT p.post_id, post_year, post_desc, post_title, post_date, img_file_name, p.cat_id
            FROM mjbox_posts p
            JOIN mjbox_images i
            ON i.post_id = p.post_id
            AND i.cat_id = p.cat_id
            AND i.img_is_thumb = 1
            AND post_active = 1
            WHERE $where_string
            ORDER BY post_date DESC
            LIMIT :offset, :limit";

        // $dbh is the PDO connection, set up elsewhere (not shown in the simplified code).
        $stmt = $dbh->prepare($query);

        foreach($words AS $index => $word){
            $stmt->bindValue($index, "%".$word."%", PDO::PARAM_STR);
        }
        $stmt->bindParam(':offset', $offset, PDO::PARAM_INT);
        $stmt->bindParam(':limit', $limit, PDO::PARAM_INT);
        $stmt->execute();

        $searcharray = $stmt->fetchAll(PDO::FETCH_ASSOC);
        return $searcharray;
    }
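The function and the PDO query work fine without the offset and limit variables included in the query. So what could be causing this warning?
Thanks
Wouldn't it be the fact that you're mixing named parameters (':offset', ':limit') with positional parameters (' LIKE ?'), as the warning states? – Wiseguy 2013-04-08 20:24:53
@Wiseguy Thanks, and now I know what they're called too :p – crm 2013-04-08 20:36:41
@MarcB Maybe I'm missing something, but where do you see an SQL injection vulnerability? – jeroen 2013-04-08 20:36:41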
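
An added example, not code from the question or its comments: the same search written with positional placeholders only, so the offset and limit no longer clash with the `LIKE ?` terms. The in-memory SQLite database, the sample rows, passing `$dbh` as an argument and leaving out the JOIN on mjbox_images are assumptions made so that it runs stand-alone (it needs the pdo_sqlite extension).

```php
<?php
// Added example. Table and column names follow the question; the SQLite
// in-memory database and the sample rows are constructed for illustration.
function retrieve_search_posts(PDO $dbh, string $searchfield, int $offset, int $limit): array
{
    // Split on whitespace and drop empty tokens.
    $words = preg_split('/\s+/', trim($searchfield), -1, PREG_SPLIT_NO_EMPTY);
    if (!$words) {
        return [];
    }
    // One positional placeholder per word; user input never enters the SQL text.
    $where = implode(' OR ', array_fill(0, count($words), 'post_title LIKE ?'));
    $sql = "SELECT post_id, post_title, post_date
            FROM mjbox_posts
            WHERE post_active = 1 AND ($where)
            ORDER BY post_date DESC
            LIMIT ?, ?"; // positional as well, so the two styles are not mixed
    $stmt = $dbh->prepare($sql);

    $i = 1; // positional parameters are 1-indexed
    foreach ($words as $word) {
        $stmt->bindValue($i++, '%' . $word . '%', PDO::PARAM_STR);
    }
    // Bind as integers so the values are sent as numbers, not strings.
    $stmt->bindValue($i++, $offset, PDO::PARAM_INT);
    $stmt->bindValue($i, $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE mjbox_posts (
    post_id INTEGER PRIMARY KEY, post_title TEXT, post_date TEXT, post_active INTEGER)");
$dbh->exec("INSERT INTO mjbox_posts (post_title, post_date, post_active) VALUES
    ('Red guitar',  '2013-01-01', 1),
    ('Blue guitar', '2013-02-01', 1),
    ('Red drum',    '2013-03-01', 1),
    ('Hidden red',  '2013-04-01', 0)");

// Constructed input; the quote character is bound as data and stays inert.
print_r(retrieve_search_posts($dbh, "red gui'tar", 0, 2));
```

With pdo_mysql's default emulated prepares, the `PDO::PARAM_INT` bindings are what keep the LIMIT values from being quoted as strings.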