带有SQL语句的PHP数组值
在PHP中,我希望执行一个传递数组值和SQL语句的SQL查询。我做不到这一点带有SQL语句的PHP数组值,php,sql,sqlite,pdo,Php,Sql,Sqlite,Pdo,在PHP中,我希望执行一个传递数组值和SQL语句的SQL查询。我做不到这一点 请考虑以下 $db = "mydatabase.sqlite"; $array = array( "key1" => "value1", "key2" => "value2", "key3" => "value3" ); try { $dbhandle = new PDO("sqlite:
请考虑以下
$db = "mydatabase.sqlite";
$array = array(
"key1" => "value1",
"key2" => "value2",
"key3" => "value3"
);
try {
$dbhandle = new PDO("sqlite:$db");
$dbhandle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach ($array as $item) {
$timestamp =
$dbhandle->exec(
"INSERT OR REPLACE INTO table (field1, field2, field3)
VALUES ('$item['key1']', '$item['key2']', '$item['key3']')"
);
$dbhandle = NULL;
}
}
catch(PDOException $e) {
print "Exception : ".$e->getMessage()."\n";
}
如何表达SQL语句?将数组元素插入字符串时,不要在键周围加引号:
"INSERT OR REPLACE INTO table (field1, field2, field3)
VALUES ('$item[key1]', '$item[key2]', '$item[key3]')"
或者使用带有大括号的“复杂”语法:
"INSERT OR REPLACE INTO table (field1, field2, field3)
VALUES ('{$item['key1']}', '{$item['key2']}', '{$item['key3']}')"
但是,最好使用事先准备好的声明:
$stmt = $dbhandle->prepare("INSERT OR REPLACE INTO table (field1, field2, field3)
VALUES (:key1, :key2, :key3)");
$stmt->execute($item);
技术上正确,但@CptNemo请使用准备好的语句;例如使用
$pdosmt->bindValue(':key1',$item['key1'])
在考虑DB数据类型的同时转义输入,您可以使用默认数组表示法…