-2

So I have two functions:

    function display_name1($s){
        global $db;
        $query1 = "SELECT Taken From Alcohol where P_Key = $s";
        $r = $db->prepare($query1);
        $r->execute();
        $result = $r->fetchColumn();
        return $result;
    }

    function write_Recipe($s){
        global $db;
        $query1 = "SELECT Taken From Alcohol where Name = $s";
        $r = $db->prepare($query1);
        $r->execute();
        $result = $r->fetchColumn();
        return $result;

    }

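The only difference is that in the first example I match the input "$s" against "P_Key", and in the latter I match it against "Name". When I enter a number for the first function, I get the proper return. When I enter a string that matches at least one "Name", I get nothing. For some reason it doesn't seem to match strings. Any ideas?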

4

3 Answers

5

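There is a syntax error in the SQL query. You are missing the table name in the second query:

    "SELECT Taken From where Name = '$s'"

It should look like this:

    "SELECT Taken FROM `tablename` WHERE  `Name` = '$s'"

Further note that if you are already using prepared statements, you should bind the variables to the query instead of building the query with string concatenation. Also, the use of `global` is not ideal for an OOP design. Here is an example of how to do it better: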

    // extend a class from PDO
    class CustomPDO extends PDO {

       public function display_name($s){

           // use placeholder :p_key in query
           $query1 = "SELECT Taken FROM `Alcohol` WHERE `P_Key` = :p_key";
           $r = $this->prepare($query1);

           // bind value to prepared statement
           $r->execute(array(
               ':p_key' => $s
           ));
           $result = $r->fetchColumn();
           return $result;
       }

       public function write_recipe($s){

           // use placeholder :name in query
           $query1 = "SELECT Taken FROM `tablename` WHERE  `Name` = :name";

           // use $this as we are extended from PDO
           $r = $this->prepare($query1);

           // bind value to prepared statement
           $r->execute(array(
               ':name' => $s
           ));

           $result = $r->fetchColumn();
           return $result;
       }
    }

Then use the class just like a regular PDO object:

    $db = new CustomPDO($connection_string, $user, $password);

But with two additional methods:

    $result = $db->display_name('foo');
    $result = $db->write_recipe('foo');

answered 2013-04-26T01:25:44.050
2

When querying strings, you should wrap the variable in quotes, like this:

    "SELECT Taken From where Name = '$s'"

Also, your second query is missing the table name.

    "SELECT Taken From tablename where Name = '$s'"

answered 2013-04-26T01:24:39.000
1

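Strings need to be quoted (and possibly escaped, if you aren't doing so already). You seem to be using PDO, so why not add placeholders and do `execute(array($s));` instead, and let PDO do the work for you?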

    function display_name1($s){
        global $db;
        $query1 = "SELECT Taken From Alcohol where P_Key = ?";
        $r = $db->prepare($query1);
        $r->execute(array($s));
        $result = $r->fetchColumn();
        return $result;
    }

    function write_Recipe($s){
        global $db;
        $query1 = "SELECT Taken From Alcohol where Name = ?";
        $r = $db->prepare($query1);
        $r->execute(array($s));
        $result = $r->fetchColumn();
        return $result;
    }

answered 2013-04-26T01:26:28.080
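The three query styles discussed in the answers above, side by side, as an added example that is not part of any answer on this page. It assumes the `pdo_sqlite` extension and an in-memory table with constructed rows; the `lookup_*` and `attempt` helper names are hypothetical.

```php
<?php
// Constructed sample data; the original poster's schema and driver are not shown.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors
$db->exec("CREATE TABLE Alcohol (P_Key INTEGER PRIMARY KEY, Name TEXT, Taken INTEGER)");
$db->exec("INSERT INTO Alcohol (Name, Taken) VALUES ('Vodka', 3), ('Jack Daniel''s', 7)");

// 1. The question's pattern: the value is pasted into the SQL text unquoted,
//    so the database parses it as an identifier (a column name), not a string.
function lookup_unquoted(PDO $db, $s) {
    $r = $db->prepare("SELECT Taken FROM Alcohol WHERE Name = $s");
    $r->execute();
    return $r->fetchColumn();
}

// 2. Quoted interpolation: works for simple values, but the input is still part
//    of the SQL text, so a quote character in it changes the statement.
function lookup_quoted(PDO $db, $s) {
    $r = $db->prepare("SELECT Taken FROM Alcohol WHERE Name = '$s'");
    $r->execute();
    return $r->fetchColumn();
}

// 3. Bound parameter: the SQL text is fixed and the value travels separately,
//    so it is always treated as data.
function lookup_bound(PDO $db, $s) {
    $r = $db->prepare("SELECT Taken FROM Alcohol WHERE Name = :name");
    $r->execute(array(':name' => $s));
    return $r->fetchColumn();
}

// Run one lookup and report either its result or the database error.
function attempt(callable $fn, PDO $db, $s) {
    try {
        return var_export($fn($db, $s), true);
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

foreach (array('Vodka', "Jack Daniel's") as $name) {
    foreach (array('lookup_unquoted', 'lookup_quoted', 'lookup_bound') as $fn) {
        printf("%-16s %-15s => %s\n", $fn, $name, attempt($fn, $db, $name));
    }
}
```

Only `lookup_bound` returns a value for both names; the other two report a database error as soon as the input is not a bare number or contains a quote.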