PHP动态更新函数错误?
我基于fetch函数创建了这个动态更新函数(相同的方法,只是SET的另一个数组) 但它似乎有一个错误PHP动态更新函数错误?,php,mysql,Php,Mysql,我基于fetch函数创建了这个动态更新函数(相同的方法,只是SET的另一个数组) 但它似乎有一个错误 public function update($table, $columns = array(), array $criteria = null) { // The query base $query = "UPDATE $table"; $query .= ' SET ' . implode(', ', array_map(f
public function update($table, $columns = array(), array $criteria = null)
{
// The query base
$query = "UPDATE $table";
$query .= ' SET ' . implode(', ', array_map(function($column) {
return "$column = ?";
}, array_keys($columns)));
// Start checking
if ($criteria) {
$query .= ' WHERE ' . implode(' AND ', array_map(function($column) {
return "$column = ?";
}, array_keys($criteria)));
}
$update = $this->pdo->prepare($query) or die('An error has occurred with the following message:' . $query);
$update->execute(array_values($criteria));
}
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY093]: Invalid parameter number: number of bound variables does not match number of tokens' in C:\xampp\htdocs\argonite\includes\class\MYSQL\Database.class.php:179 Stack trace: #0 C:\xampp\htdocs\argonite\includes\class\MYSQL\Database.class.php(179): PDOStatement->execute(Array) #1 C:\xampp\htdocs\argonite\index.php(8): Database->update('argonite_server...', Array, Array) #2 {main} thrown in C:\xampp\htdocs\argonite\includes\class\MYSQL\Database.class.php on line 179
此处的语法错误:
array_values($columns, $criteria)
$update->execute(array_merge(array_values($columns), array_values($criteria)));
array\u merge$列$条件$allowed = array("name","surname","email","password"); // allowed fields
$sql = "UPDATE users SET ".pdoSet($allowed,$values)." WHERE id = :id";
$stm = $dbh->prepare($sql);
$values['id'] = $_POST['id'];
$stm->execute($values);
array_values()只需要1个参数,2个给定nphp.net/manual/en/function.array-values.php此函数易受sql攻击injection@YourCommonSense仅当列名是用户提供的。此问题似乎与主题无关,因为它是关于在没有$columns的情况下读取d*%#错误消息,我将只获取缺少的参数SQL error,为什么?@junatanmdasted因为数组_值使得值0,1,2的索引及其需要参数,所以我认为您不应该使用此函数。它是否仍然说“未绑定任何参数”?绑定变量的数量与令牌的数量不匹配