PDO bindParam vs execute


Method 1:

$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();

Method 2:

$stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
$stmt->execute(array(':id' => $_POST['myform-userid'])); // Any vulnerability here?
$row = $stmt->fetch(PDO::FETCH_ASSOC);

Does Method 1 have any significant advantage over Method 2? I know bindParam is useful when you need to run the query again with different parameter values, and you can also specify the data type. But is there a strong reason to rewrite my Method 2 as Method 1? There may be many places where queries like this are scattered, so I want to know whether it is worth the trouble. Thanks

No, the improvement is not that big. The advantage of execute is that you can pass an array of parameters without having to define their types. That array is especially useful if you are doing an insert, for example.
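The two styles side by side, as an added example that is not code from the question or the answer above. It assumes the pdo_sqlite extension and uses an in-memory SQLite database so it runs offline; the users table and its rows are constructed here for illustration. It shows the point both posts make: either form sends user input as a bound parameter rather than as SQL text, bindParam() binds a variable by reference and declares a type (useful when re-running one statement), and execute(array) maps named keys straight onto placeholders (convenient for inserts).

```php
<?php
// Added example, not code from the question or the answer. Uses an
// in-memory SQLite database (pdo_sqlite) so it runs offline; the table
// and rows are constructed here for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Method 2 style: execute() with an array. Each value travels as a bound
// parameter, never as part of the SQL text, so the third name is stored
// literally instead of altering the query. Named keys map straight onto
// the placeholders, which is why this form is convenient for inserts.
$insert = $pdo->prepare('INSERT INTO users (id, name) VALUES (:id, :name)');
$rows = [[1, 'alice'], [2, 'bob'], [3, "x' OR '1'='1"]];   // constructed sample data
foreach ($rows as [$id, $name]) {
    $insert->execute([':id' => $id, ':name' => $name]);
}

// Method 1 style: bindParam() binds the *variable* by reference and declares
// the type. The value is read when execute() runs, so one bound statement
// can be executed repeatedly without rebinding.
$select = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$select->bindParam(':id', $lookupId, PDO::PARAM_INT);
foreach ([1, 2, 3] as $lookupId) {
    $select->execute();
    $row = $select->fetch(PDO::FETCH_ASSOC);
    printf("bindParam id=%d -> %s\n", $lookupId, $row['name']);
}

// The same lookup through execute(array) with a hostile-looking string
// (constructed). It is bound as a parameter, so SQLite compares the id
// column against that text value and finds no matching row; nothing is
// spliced into the statement.
$select2 = $pdo->prepare('SELECT name FROM users WHERE id = :id');
$select2->execute([':id' => '1 OR 1=1']);
$row = $select2->fetch(PDO::FETCH_ASSOC);
printf("execute(array) id='1 OR 1=1' -> %s\n", $row ? $row['name'] : '(no row)');
```

Two practical notes on the difference. If you only want the typed binding and not the by-reference behaviour, bindValue() takes a value instead of a variable. The type declaration matters mostly under emulated prepares (PDO::ATTR_EMULATE_PREPARES, which pdo_mysql enables by default): there execute(array) binds every value as PDO::PARAM_STR, so a placeholder in a MySQL LIMIT clause ends up as a quoted string and the query fails; binding it with PDO::PARAM_INT, or turning emulation off, avoids that. The filter_input() call in Method 1 is input validation, not what prevents injection; the placeholder does that in both methods.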