Php 使用PDO插入/更新辅助函数
我有一个非常简单的助手函数,可以为传统的普通mysql驱动程序使用生成SET语句:Php 使用PDO插入/更新辅助函数,php,mysql,pdo,Php,Mysql,Pdo,我有一个非常简单的助手函数,可以为传统的普通mysql驱动程序使用生成SET语句: function dbSet($fields) { $set=''; foreach ($fields as $field) { if (isset($_POST[$field])) { $set.="`$field`='".mysql_real_escape_string($_POST[$field])."', "; } } return substr($set, 0
function dbSet($fields) {
$set='';
foreach ($fields as $field) {
if (isset($_POST[$field])) {
$set.="`$field`='".mysql_real_escape_string($_POST[$field])."', ";
}
}
return substr($set, 0, -2);
}
像这样使用
$id = intval($_POST['id']);
$fields = explode(" ","name surname lastname address zip fax phone");
$_POST['date'] = $_POST['y']."-".$_POST['m']."-".$_POST['d'];
$query = "UPDATE $table SET ".dbSet($fields)." stamp=NOW() WHERE id=$id";
它使代码非常枯燥、简单,但同时又具有灵活性
我想问一下,是否有人愿意共享类似的功能,利用PDO准备的语句功能
我仍在怀疑,如何做到这一点。是否有一种直接而简单的方法来使用PDO准备的语句插入数据? 它应该是什么形式?查询生成器助手?还是插入查询助手?它应该采用什么参数 我希望它可以很容易地被用来作为一个答案在这里如此。因为在每一个主题中,我们都可以看到准备好的语句和用法建议,但是没有一个好的例子。我是说,现实生活中的例子。我认为,20次键入bind_param()不是一种好的编程风格。
甚至还有20个问号。我通常有一个扩展PDO的类,但我的类是非常定制的。如果我得到它清理和测试,我会张贴在以后的时间。然而,这里有一个系统的解决方案
function dbSet($fields, &$values) {
$set = '';
$values = array();
foreach ($fields as $field) {
if (isset($_POST[$field])) {
$set .= "`$field` = ?,";
$values[] = $_POST[$field];
}
}
return rtrim($set, ',');
}
$fields = explode(" ","name surname lastname address zip fax phone date");
$_POST['date'] = $_POST['y']."-".$_POST['m']."-"$_POST['d'];
$query = "UPDATE $table SET ".dbSet($fields, $values).", stamp=NOW() WHERE id=?";
$values[] = $id;
$dbh->prepare($query);
$dbh->execute($values);
这可能并不完美,可能需要调整。它考虑到使用PDO连接设置$dbh
。在我提出任何小的语法问题之前,这应该是可行的
编辑
实际上,我想我会选择ORM(或其他ORM)。当您设置模型并在其中添加所有验证时,简单如下:
$table = new Table();
$table->fromArray($_POST);
$table->save();
这样可以很容易地填充内容。这当然是一个ORM,就像教义一样
已更新
对第一个代码做了一些小的调整,例如将isset
放回,并使用rtrim
覆盖substr
。要提供PDO扩展类的模型,只需规划实现方法,并进行一些单元测试以确保其正常工作。参考:
我将扩展核心PDO类并使用如下方法:
class Database extends PDO
{
public function QueryFromPost($Query,$items)
{
$params = array();
$Query .= ' WHERE ';
foreach($items as $key => $default)
{
$Query .= ' :' . $key. ' = ' . $key;
if(isset($_POST[$key]))
{
$params[':' . $key] = $_POST[$key];
}else
{
$params[':' . $key] = $default;
}
}
$s = $this->prepare($Query);
return $s->execute($params);
}
}
那就这样用吧
$db = new Database(/*..Default PDO Params*/);
$statement = $db->QueryFromPost('SELECT * FROM employees',array('type' => 'plc'));
foreach($preparedStatement->fetchAll() as $row)
{
//...
}
<>但是,正如已经说过的,你应该对你想做的事情感到厌倦,你需要<强>验证> /强>你的数据,它已经被消毒,但是你没有验证。 < P>我已经为我考虑的重复参数绑定案例修补了一些琐碎的东西。 无论如何;它提供了一些信息。您的示例可以缩短为:
db("UPDATE table SET :, WHERE id=:id", $columns[], $where[]);
本例仅适用于命名参数,因此$set将是array(“name”=>…)和$where=array(“id”=>123)。:,
在您传递的第一个数组上展开。它被逗号分隔的名称对替换(这就是为什么它的助记符是:,
)
对于不同的用例,还有一些占位符
:,
:&
:
和:?
。只有?
才是真正的标准。因此,它需要一些习惯,但它大大简化了准备好的语句和数组绑定(PDO本机无法做到这一点)。您可以像这样扩展PDO:
class CustomPDO extends PDO {
public function updateTable($sTable, array $aValues = array()){
if (!empty($aValues) && !empty($sTable)){
# validation of table / columns name
$sTable = mysql_real_escape_string($sTable);
$aColumns = array_map('mysql_real_escape_string',array_keys($aValues));
$aElements = array();
foreach ($aColumns as $sColumn){
$aElements[] = "`$sColumn`= :$sColumn";
} // foreach
$sStatement = "UPDATE $sTable SET " . implode(',', $aElements);
$oPDOStatement = $this->prepare($sStatement);
if ($oPDOStatement){
return $oPDOStatement->execute($aValues);
} // if
} // if
return false;
} // updateTable
}
# usage :
# $oDb->updateTable('tbl_name',$_POST);
# test
error_reporting (E_ALL);
ini_Set('display_errors',1);
$oDb = new CustomPDO('sqlite::memory:');
$oDb->exec('CREATE TABLE t1(c1 TEXT, c2 INTEGER)');
$oDb->exec("INSERT INTO t1(c1, c2) VALUES ('X1',1)");
var_dump($oDb->query('SELECT * FROM t1')->fetchAll(PDO::FETCH_ASSOC));
$oDb->updateTable('t1', array('c1'=>'f1','c2**2'=>2));
var_dump($oDb->query('SELECT * FROM t1')->fetchAll(PDO::FETCH_ASSOC));
和其他人一样,我扩展了标准PDO类以满足我的需要。类似这样的东西可能适合你:
Class ExtendedPDO extends PDO
{
public function prepareArray($sql, array $data)
{
// Call the standard prepare method
$statement = parent::prepare($sql);
foreach ($data as $field=>$value) {
$statement->bindValue(':' . $field, $value);
}
return $statement;
}
}
然后您可以非常简单地使用它:
// Include connection variables
include '../includes/config/database.php';
// The data to use in the query
$data = array(
'title' => 'New value',
'id' => 1,
);
// The query you want to run
$sql = '
UPDATE
test
SET
title = :title
WHERE
id = :id
';
try {
// Connect to the database
$dbh = new ExtendedPDO(PDO_DSN, PDO_USERNAME, PDO_PASSWORD);
// Attach the data to your query
$stmt = $dbh->prepareArray($sql, $data);
// Run it
$stmt->execute();
} catch (PDO Exception $e) {
echo $e->getMessage();
}
这是我的通用数据库抽象类。看看
autoExecute()
函数。无论你想完成什么,它都提供了大量的灵活性。我要警告的是,这是为PHP5.3编写的,并且是为PostgreSQL稍微定制的
<?php
/**
* Database abstraction and query result classes
* Requires PHP 5.3
*
* Events:
* - on_commit - Dispatched when the transaction is successfully committed to the DB
* - on_rollback - Dispatched when the transaction is rolled back in the DB
*
* @author Kenaniah Cerny <kenaniah@gmail.com>
* @version 1.1.2
* @license http://creativecommons.org/licenses/by/3.0/us/
* @copyright Copyright (c) 2009, Kenaniah Cerny
*/
class Database extends PDO {
private $stmt;
private $good_trans = null;
private $nested_transactions = 0; //Keeps track of virtual transaction nesting level
private $callbacks = array();
private static $connections = array(); //Keeps track of opened connections
/**
* Returns a database instance using lazy instantiation
* @param string $name a database connection name
* @param array $config database config details for a new connection
*/
static function getInstance($name = 'main', $config=array()){
//Attempt to return an existing connection
if(array_key_exists($name, self::$connections)):
return self::$connections[$name];
endif;
//Attempt to create a new connection
$host = in_array($config['host'], array('localhost', '127.0.0.1')) ? "" : ";host=" . $config['host'];
$db = new Database($config['driver'].":dbname=".$config['name'].$host, $config['user'], $config['pass']);
//Save to connection pool
self::$connections[$name] = $db;
return $db;
}
/**
* Registers a callback to be run when the given event is invoked
* @param string $event Event name
* @param callable $callable
*/
public function register_listener($event, $callable){
if(!array_key_exists($event, $this->callbacks)):
$this->callbacks[$event] = array($callable);
else:
$this->callbacks[$event][] = $callable;
endif;
}
/**
* Invokes callbacks for the given event type
* @param string $event Event name
* @param boolean $stop_on_false Stops bubbling this event if one of the handlers returns false
*/
protected function dispatch_event($event, $stop_on_false = true){
if(!array_key_exists($event, $this->callbacks)) return;
foreach($this->callbacks[$event] as $callable):
$res = call_user_func($callable, $this, $event);
if($stop_on_false && $res === false) return false;
endforeach;
return true;
}
/**
* PDO Constructor
* @param $dsn
* @param $username
* @param $password
*/
function __construct($dsn, $username, $password) {
parent::__construct($dsn, $username, $password);
}
/**
* Prepares an SQL statement
* @param string $sql
*/
function prepare($sql) {
$stmt = parent::prepare($sql, array(PDO::ATTR_STATEMENT_CLASS => array(__NAMESPACE__.'\DatabaseStatement')));
$stmt->setFetchMode(PDO::FETCH_ASSOC);
return $stmt;
}
/**
* Prepares an executes an SQL statement with the parameters provided
* @param string $sql
* @param array $params
*/
function execute($sql, $params = array()) {
if($this->debug):
var_dump("Statement:\n".$sql."\nParams: ".$this->fmt($params));
endif;
try {
$stmt = $this->prepare($sql);
$val = $stmt->execute((array) $params);
if($stmt->errorCode() != '00000') error_log($this->errormsg());
if($this->debug && $stmt->errorCode() != '00000'){
var_dump($stmt->errorInfo());
Errors::add("Database error: ".$this->errormsg(), E_USER_ERROR);
}
if(!$val) return false;
} catch (PDOException $e){
if($this->debug) var_dump($stmt->errorInfo());
error_log($this->errormsg());
Errors::add("Database error: ".$this->errormsg(), E_USER_ERROR);
if($this->nested_transactions) $this->failTrans();
else throw $e;
}
$this->stmt = $stmt;
return $stmt;
}
/**
* Returns the value of the first column of the first row
* of the database result.
* @param $sql
* @param $params
*/
function getOne($sql, $params = array()){
$stmt = $this->execute($sql, $params);
return $stmt ? $stmt->getOne() : false;
}
/**
* Fetches a single column (the first column) of a result set
* @param $sql
* @param $params
*/
function getCol($sql, $params = array()){
$stmt = $this->execute($sql, $params);
return $stmt ? $stmt->getCol() : false;
}
/**
* Fetches rows in associative array format
* @param $sql
* @param $params
*/
function getAssoc($sql, $params = array()){
$stmt = $this->execute($sql, $params);
return $stmt ? $stmt->getAssoc() : false;
}
/**
* Fetches rows in array format with columns
* indexed by ordinal position
* @param $sql
* @param $params
*/
function getArray($sql, $params = array()){
$stmt = $this->execute($sql, $params);
return $stmt ? $stmt->getArray() : false;
}
/**
* Fetches all rows in associative array format
* @param $sql
* @param $params
*/
function getAll($sql, $params = array()){
return $this->getAssoc($sql, $params);
}
/**
* Fetches rows in array format where the first column
* is the key name and all other columns are values
* @param $sql
* @param $params
*/
function getKeyPair($sql, $params = array()){
$stmt = $this->execute($sql, $params);
return $stmt ? $stmt->getKeyPair() : false;
}
/**
* Fetches rows in multi-dimensional format where the first
* column is the key name and all other colums are grouped
* into associative arrays for each row
* @param $sql
* @param $params
*/
function getGroup($sql, $params = array()){
$stmt = $this->execute($sql, $params);
return $stmt ? $stmt->getGroup() : false;
}
/**
* Fetches only the first row and returns it as an
* associative array
* @param $sql
* @param $params
*/
function getRow($sql, $params = array()){
$stmt = $this->execute($sql, $params);
return $stmt ? $stmt->getRow() : false;
}
/**
* Internal function used for formatting parameters in debug output
* @param unknown_type $params
*/
private function fmt($params){
$arr = array();
foreach((array) $params as $k=>$v){
if(is_null($v)) $v = "NULL";
elseif(is_bool($v)) $v = $v ? "TRUE" : "FALSE";
$arr[] = "[".$k."] => ".$v;
}
return "Array(".join(", ", $arr).")";
}
/**
* Returns the number of affected rows from an executed statement
*/
function affected_rows(){
return $this->stmt ? $this->stmt->rowcount() : false;
}
/**
* Automated statement processing
*
* Params array takes the following fields:
*
* - table The name of the table to run the query on
*
* - data A key-value paired array of table data
*
* - mode INSERT, UPDATE, REPLACE, or NEW
*
* - where Can be a string or key-value set. Not used on INSERTs
* If key-value set and numerically indexed, uses values from data
* If key-value and keys are named, uses its own values
*
* - params An array of param values for the where clause
*
* - returning Optional string defining what to return from query.
* Uses PostgreSQL's RETURNING construct
*
* This method will return either a boolean indicating success, an array
* containing the data requested by returning, or a boolean FALSE indicating
* a failed query.
*
*/
function autoExecute($table, $params, $data){
$fields = array(); //Temp array for field names
$values = array(); //Temp array for field values
$set = array(); //Temp array for update sets
$ins = array(); //Insert value arguments
$params['table'] = $table;
$params['data'] = $data;
$params['params'] = (array) $params['params'];
//Parse the data set and prepare it for different query types
foreach((array) $params['data'] as $field => $val):
$fields[] = $field;
$values[] = $val;
$ins[] = "?";
$set[] = $field . " = ?";
endforeach;
//Check for and convert the array/object version of the where clause param
if(is_object($params['where']) || is_array($params['where'])):
$clause = array();
$params['params'] = array(); //Reset the parameters list
foreach($params['where'] as $key => $val):
if(is_numeric($key)):
//Numerically indexed elements use their values as field names
//and values from the data array as param values
$field = $val;
$params['params'][] = $params['data'][$val];
else:
//Named elements use their own names and values
$field = $key;
$params['params'][] = $val;
endif;
$clause[] = $field . " = ?";
endforeach;
$params['where'] = join(" AND ", $clause);
endif;
//Figure out what type of query we want to run
$mode = strtoupper($params['mode']);
switch($mode):
case 'NEW':
case 'INSERT':
//Build the insert query
if(count($fields)):
$sql = "INSERT INTO " . $params['table']
. " (" . join(", ", $fields) . ")"
. " SELECT " . join(", ", $ins);
else:
$sql = "INSERT INTO " . $params['table']
. " DEFAULT VALUES";
endif;
//Do we need to add a conditional check?
if($mode == "NEW" && count($fields)):
$sql .= " WHERE NOT EXISTS ("
. " SELECT 1 FROM " . $params['table']
. " WHERE " . $params['where']
. " )";
//Add in where clause params
$values = array_merge($values, $params['params']);
endif;
//Do we need to add a returning clause?
if($params['returning']):
$sql .= " RETURNING " . $params['returning'];
endif;
//Execute our query
$result = $this->getRow($sql, $values);
//Return our result
if($params['returning']):
return $result;
else:
return $result !== false;
endif;
break;
case 'UPDATE':
if(!count($fields)) return false;
//Build the update query
$sql = "UPDATE " . $params['table']
. " SET " . join(", ", $set)
. " WHERE " . $params['where'];
//Do we need to add a returning clause?
if($params['returning']):
$sql .= " RETURNING " . $params['returning'];
endif;
//Add in where clause params
$values = array_merge($values, $params['params']);
//Execute our query
$result = $this->getRow($sql, $values);
//Return our result
if($params['returning']):
return $result;
else:
return $result !== false;
endif;
break;
case 'REPLACE': //UPDATE or INSERT
//Attempt an UPDATE
$params['mode'] = "UPDATE";
$result = $this->autoExecute($params['table'], $params, $params['data']);
//Attempt an INSERT if UPDATE didn't match anything
if($this->affected_rows() === 0):
$params['mode'] = "INSERT";
$result = $this->autoExecute($params['table'], $params, $params['data']);
endif;
return $result;
break;
case 'DELETE':
//Don't run if we don't have a where clause
if(!$params['where']) return false;
//Build the delete query
$sql = "DELETE FROM " . $params['table']
. " WHERE " . $params['where'];
//Do we need to add a returning clause?
if($params['returning']):
$sql .= " RETURNING " . $params['returning'];
endif;
//Execute our query
$result = $this->getRow($sql, $params['params']);
//Return our result
if($params['returning']):
return $result;
else:
return $result !== false;
endif;
break;
default:
user_error('AutoExecute called incorrectly', E_USER_ERROR);
break;
endswitch;
}
/**
* @see $this->startTrans()
*/
function beginTransaction(){
$this->startTrans();
}
/**
* Starts a smart transaction handler. Transaction nesting is emulated
* by this class.
*/
function startTrans(){
$this->nested_transactions++;
if($this->debug) var_dump("Starting transaction. Nesting level: " . $this->nested_transactions);
//Do we need to begin an actual transaction?
if($this->nested_transactions === 1):
parent::beginTransaction();
$this->good_trans = true;
$this->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
endif;
}
/**
* Returns TRUE if the transaction will attempt to commit, and
* FALSE if the transaction will be rolled back upon completion.
*/
function isGoodTrans(){
return $this->good_trans;
}
/**
* Marks a transaction as a failure. Transaction will be rolled back
* upon completion.
*/
function failTrans(){
if($this->nested_transactions) $this->good_trans = false;
if($this->debug):
Errors::add("Database transaction failed: ".$this->errorMsg());
endif;
$this->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
}
/**
* @see $this->rollbackTrans()
*/
function rollback(){
$this->rollbackTrans();
}
/**
* Rolls back the entire transaction and completes the current nested
* transaction. If there are no more nested transactions, an actual
* rollback is issued to the database.
*/
function rollbackTrans(){
if($this->nested_transactions):
$this->nested_transactions--;
if($this->debug) var_dump("Rollback requested. New nesting level: " . $this->nested_transactions);
$this->good_trans = false;
if($this->nested_transactions === 0):
$this->good_trans = null;
$this->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
if($this->debug) var_dump("Transaction rolled back.");
parent::rollback();
$this->dispatch_event('on_rollback');
endif;
endif;
}
/**
* Clears the nested transactions stack and issues a rollback to the database.
*/
function fullRollback(){
while($this->nested_transactions) $this->rollbackTrans();
}
/**
* Returns the number of nested transactions:
* 0 - There is no transaction in progress
* 1 - There is one transaction pending
* >1 - There are nested transactions in progress
*/
function pending_trans(){
return $this->nested_transactions;
}
/**
* @see $this->completeTrans()
*/
function commit($fail_on_user_errors = false){
return $this->completeTrans($fail_on_user_errors);
}
/**
* Completes the current transaction and issues a commit or rollback to the database
* if there are no more nested transactions. If $fail_on_user_errors is set, the
* transaction will automatically fail if any errors are queued in the Errors class.
* @param boolean $fail_on_user_errors
*/
function completeTrans($fail_on_user_errors = false){
if(!$this->nested_transactions) return;
//Fail the transaction if we have user errors in the queue
if($fail_on_user_errors && Errors::exist()) $this->good_trans = false;
//Do we actually need to attempt to commit the transaction?
if($this->nested_transactions === 1):
if(!$this->good_trans || !parent::commit()){
if($this->debug) var_dump("Transaction failed: " . $this->errormsg());
$this->rollbackTrans();
return false;
}
//Transaction was good
$this->nested_transactions--;
$this->good_trans = null;
$this->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
if($this->debug) var_dump("Transaction committed.");
$this->dispatch_event('on_commit', false);
return true;
else:
//Don't take action just yet as we are still nested
$this->nested_transactions--;
if($this->debug) var_dump("Virtual commit. New nesting level: " . $this->nested_transactions);
endif;
return $this->good_trans;
}
/**
* Returns the text of the most recently encountered error
*/
function errormsg(){
$msg = $this->errorInfo();
return $msg[2];
}
}
class DatabaseStatement extends \PDOStatement implements \Countable {
/**
* Binds passed parameters according to their PHP type and executes
* the prepared statement
*/
function execute($params = array()) {
$i = 1;
foreach($params as $k => $v):
$mode = PDO::PARAM_STR;
if(is_null($v)) $mode = PDO::PARAM_NULL;
elseif(is_bool($v)) $mode = PDO::PARAM_BOOL;
elseif(is_resource($v)) $mode = PDO::PARAM_LOB;
$this->bindParam($i, $params[$k], $mode);
$i++;
endforeach;
$ok = parent::execute();
return $ok ? $this : false;
}
/**
* Returns the value of the first column of the first row
*/
function getOne() {
return $this->fetchColumn(0);
}
/**
* Returns an array of values of the column found at $index
* position.
* @param $index
*/
function getCol($index=0) {
return $this->fetchAll(PDO::FETCH_COLUMN, $index);
}
/**
* Returns all rows in numeric array format
*/
function getArray(){
return $this->fetchAll(PDO::FETCH_NUM);
}
/*
* Returns all rows in associative array format
*/
function getAll(){
return $this->fetchAll(PDO::FETCH_ASSOC);
}
/**
* Returns all rows in associative array format
*/
function getAssoc() {
return $this->fetchAll(PDO::FETCH_ASSOC);
}
/**
* Returns rows in multi-dimensional format where the first
* column is the key name and all other colums are grouped
* into associative arrays for each row
*/
function getGroup() {
return $this->fetchAll(PDO::FETCH_GROUP);
}
/**
* Returns a single row in associative format
*/
function getRow(){
return $this->fetch(PDO::FETCH_ASSOC);
}
/**
* Fetches rows in array format where the first column
* is the key name and all other columns are values
*/
function getKeyPair(){
//Emulate it
$tmp = $this->fetchAll(PDO::FETCH_ASSOC);
$arr = array();
for($i = 0; $i < count($tmp); $i++){
$arr[array_shift($tmp[$i])] = count($tmp[$i]) > 1 ? $tmp[$i] : array_shift($tmp[$i]);
}
return $arr;
}
/**
* Returns the number of rows returned by this statement
*/
function recordCount(){
return $this->rowCount();
}
/**
* Returns the number of rows returned by this statement
*/
function count(){
return $this->rowCount();
}
}
即使我的DB类没有使用预先准备好的语句,我还是想在这里提到它。我看不出有任何理由用准备好的语句来实现一切。我确实知道,准备好的语句速度更快,但只有在多次使用时才能使用。如果只执行一次查询(这是我通常需要使用的唯一查询类型),则查询速度将变慢。因此,到处使用事先准备好的陈述会适得其反
可以找到正确的描述。但这里有一些好东西:
- 少于100行的数据库层
DB::x
对于DB::instance()->执行
和DB::q
对于DB::instance()->查询
- 使用两种类型的占位符
?
和?x
自动报价(其中x
可以是、
、&
和
)。?,
占位符可以用作此处的更新帮助器
但有关完整信息,请参见上面链接的stackoverflow帖子;)
PS:回购协议中的自述文件不适用于此类。它适用于普通的DB.php
,而不是DB\u intelligent.php
。
PPS:该类是为PHP5.3编写的。如果您想在PHP5.2上使用它,只需将所有这些PDO方法从DB_forPHP52.PHP
复制到DB_intelligent.PHP
,然后删除\u callStatic
方法。除了其他答案之外:正确引用列名的方法:
/**
* Escape identifier (database/table/column name) - ie. if you're using MySQL:
* db_name.tbl_name.col_name -> `db_name`.`tbl_name`.`col_name`
**/
protected function quoteIdentifier($identifier) {
static $escapeChars = array(
'mysql' => '``',
'oracle' => '""',
'mssql' => '[]',
//...
);
$escape = $escapeChars[$this->getAttribute(self::ATTR_DRIVER_NAME)];
$identifier = (array) explode('.', $identifier);
$identifier = array_map(function($segment) use($escape) {
return $escape[0] . $segment . $escape[1];
}, $identifier);
return implode('.', $identifier);
}
谢谢大家。
每一个答案都很有帮助,我希望我能平分这笔赏金
最后,令我惊讶的是,根据公认的答案,我能够以与以前相同的方式完成
$fields = array("login","password");
$_POST['password'] = MD5($_POST['login'].$_POST['password']);
$stmt = $dbh->prepare("UPDATE users SET ".pdoSet($fields,$values)." WHERE id = :id");
$values["id"] = $_POST['id'];
$stmt->execute($values);
它可以包装成一个helper函数,但我怀疑是否有必要。它只会将代码缩短一行
pdoSet代码:
function pdoSet($fields, &$values, $source = array()) {
$set = '';
$values = array();
if (!$source) $source = &$_POST;
foreach ($fields as $field) {
if (isset($source[$field])) {
$set.="`$field`=:$field, ";
$values[$field] = $source[$field];
}
}
return substr($set, 0, -2);
}
插入查询通常需要许多占位符。问号样式很难阅读,命名参数重复且容易键入错误。因此,我为整个insert查询创建了一个函数:
function insert($table, $col_val){
global $db;
$table = preg_replace('/[^\da-z_]/i', '', $table);
$smt = $db->prepare("DESCRIBE `$table`");
$smt->execute();
$columns = $smt->fetchAll(PDO::FETCH_COLUMN);
$sets = array();
$exec = array();
foreach($col_val as $col => $val){
if(!in_array($col, $columns))
return false;
$sets[] .= "`$col`=?";
$exec[] = $val;
}
$set = implode(',', $sets);
$smt = $db->prepare("INSERT INTO `$table` SET $set");
$smt->execute($exec);
return $db->lastInsertId();
}
用法很简单:
insert('table_name', array(
'msg' => 'New message',
'added' => date('Y-m-d H:i:s'),
));
如果需要lastInsertId()
:
我仍在尝试理解PDO,但您不需要绑定变量吗?有人能给我解释一下吗?谢谢,我有这样的想法。是的,我们还必须准备$values数组。@catfish,设置一个值数组以在execute
函数中使用,如果您需要的话,可以减少绑定参数的需要
insert('table_name', array(
'msg' => 'New message',
'added' => date('Y-m-d H:i:s'),
));
$new_id = insert(...