Php 如何将数组(AS)与PDO一起使用
该脚本已经能够使用MySQL legacy运行。但是我在提高SQL注入安全性的基础上改为PDO 但这似乎不像转动手掌那么容易。原始代码如下所示:Php 如何将数组(AS)与PDO一起使用,php,mysql,pdo,Php,Mysql,Pdo,该脚本已经能够使用MySQL legacy运行。但是我在提高SQL注入安全性的基础上改为PDO 但这似乎不像转动手掌那么容易。原始代码如下所示: <?php $dn1 = mysql_query('select c.id, c.name, c.description, c.position, (select count(t.id) from topics AS t where t.kategori=c.id and t.id2=1) AS topics, (select count(t2.
<?php
$dn1 = mysql_query('select c.id, c.name, c.description, c.position, (select count(t.id) from topics AS t where t.kategori=c.id and t.id2=1) AS topics, (select count(t2.id) from topics AS t2 where t2.kategori=c.id and t2.id2!=1) AS replies from categories AS c group by c.id order by c.position asc');
$nb_cats = mysql_num_rows($dn1);
while($dnn1 = mysql_fetch_array($dn1))
{
?>
<tr>
<td class='forum_cat'><a href="daftar.php?kategori=<?php echo $dnn1['id']; ?>" class='title'><?php echo htmlentities($dnn1['name'], ENT_QUOTES, 'UTF-8'); ?></a>
<div class='description'><?php echo $dnn1['description']; ?></div></td>
<td><?php echo $dnn1['topics']; ?></td>
<td><?php echo $dnn1['replies']; ?></td>
<?php
if(isset($_SESSION['username']) and $_SESSION['username']==$admin)
{
?>
<td><a href="delete_category.php?id=<?php echo $dnn1['id']; ?>"><img src='<?php echo $design2; ?>/images/delete.png' alt='Delete' /></a>
<?php if($dnn1['position']>1){ ?><a href="move_category.php?action=up&id=<?php echo $dnn1['id']; ?>"><img src='<?php echo $design2; ?>/images/up.png' alt='Move Up' /></a><?php } ?>
<?php if($dnn1['position']<$nb_cats){ ?><a href="move_category.php?action=down&id=<?php echo $dnn1['id']; ?>"><img src='<?php echo $design2; ?>/images/down.png' alt='Move Down' /></a><?php } ?>
<a href="edit_category.php?id=<?php echo $dnn1['id']; ?>"><img src='<?php echo $design2; ?>/images/edit.png' alt='Edit' /></a></td>
<?php
}
?>
</tr>
<?php
}
?>
public function test($cid, $cname, $cdescription, $cposition, blablablabla){
$sql = 'SELECT c.id, c.name, c.description, c.position, (SELECT count(t.id) from topics AS t where t.kategori=c.id and t.id2=1) AS topics, (SELECT count(t2.id) from topics AS t2 where t2.kategori=c.id and t2.id2!=1) AS replies from categories AS c group by c.id order by c.position asc';
$stmt = $this->conn->prepare($sql);
$data = array('c.id' => $cid, 'c.name' => $cname, 'c.description'=> $cdescription, 'c.position' =>$cposition, blablablabla);
$stmt->execute($data);
$status = $stmt->fetchColumn();
if($status){
echo "MESSAGE";
print_r($result);
} else {
echo $status;
$this->error['alert'] = "Sorry, ERROR";
Users::ErrorReport();
}
}
在某种程度上,blabla
是一些未解决的问题
让我感到困惑的是,大多数人都不使用AS作为节数组的示例。例如name
或description
而我使用的代码c.name
c.description
和其他
如何使其工作?'blablabala'这不是您在方法中传递的变量。@Drudge是的,我知道,但我的意思是
Blabla
部分仅用于alias,因此,无需关注partplaceholder是?
还是以开头:
当前查询中没有占位符。查询中没有占位符,因此无需将参数传递给execute函数。