-1

我使用准备好的语句在 SQLite3 db 中添加的数据无法使用 WHERE 进行搜索:

SELECT Active FROM Users WHERE Username="john"

我在 PHP 中有一个演示,它使用准备好的和直接的语句添加数据,然后尝试搜索它们。

我的问题有两个:

  1. 为什么会这样?
  2. 如何搜索通过准备好的语句添加的数据?

这是PHP脚本。

<?php

error_reporting(E_ALL);
date_default_timezone_set('Europe/Helsinki');
ini_set('default_charset', 'UTF-8');
mb_internal_encoding("UTF-8");
header('Content-Type: text/html; charset=UTF-8');

$timezone = date('Z');
$db = '';

// ---

//
// adds a user in the db with a prepared statement
//

function add_user1($name, $pass)
{
    global $timezone;
    global $db;

    $time = time();

    try
    {
        $statement = "INSERT INTO Users (Username, Password, Time, Timezone, Active) VALUES     (:Username,:Password,:Time,:Timezone,:Active);";    
        $query = $db->prepare($statement);
        $query->bindValue(':Username', $name, SQLITE3_TEXT);
        $query->bindValue(':Password', $pass, SQLITE3_TEXT);
        $query->bindValue(':Time', $time, SQLITE3_INTEGER);
        $query->bindValue(':Timezone', $timezone, SQLITE3_INTEGER);
        $query->bindValue(':Active', '1', SQLITE3_INTEGER);
        $ok = $query->execute();
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
}

//
// adds a user in the db with a direct execution
//

function add_user2($name, $pass)
{
    global $timezone;
    global $db;

    $time = time();

    try
    {
        $db->exec('INSERT INTO Users (Username, Password, Time, Timezone, Active) VALUES ("' .     $name . '", "' . $pass . '", ' . $time . ', ' . $timezone . ', 1);');
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
}

//
// seeks a password for a given username
//

function seek($user)
{
    global $timezone;
    global $db;

    try
    {
        // previous tests showed that this doesn't work on all cases
        $result = $db->query('SELECT Password FROM Users WHERE Username="'. $user . '"');
        foreach ($result as $row)
        {
            $password = $row['Password'];
            echo "search through SQLite: password for $user is $password\n";
        }

        $result = $db->query("SELECT * FROM Users");
        foreach($result as $row)
        {
            $username = $row['Username'];
            $password = $row['Password'];

            if ($username == $user)
            {
                echo " search through array: password for $username is $password";
                break;
            }
        }
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
}

// ---

echo "<pre>\n";

try
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
                                                                            $db->exec("CREATE     TABLE     IF     NOT         EXISTS         Users     (Id             INTEGER         PRIMARY     KEY,         Username     TEXT     UNIQUE     NOT NULL, Password TEXT NOT NULL, Time INTEGER UNIQUE NOT NULL, Timezone INTEGER NOT NULL, Active BOOLEAN NOT NULL);");
}
catch(PDOException $exception)
{
    echo $exception->getMessage();
}

add_user1("Bob", "cat");
sleep(1);
add_user1("Mark", "dog");
sleep(1);
add_user2("John", "mouse");
sleep(1);
add_user2("Alice", "rodent");

try
{
    $result = $db->query('SELECT * FROM Users');
    foreach ($result as $row)
    {
        echo "      Id: " . $row['Id'] . "\n";
        echo "Username: " . $row['Username'] . "\n";
        echo "Password: " . $row['Password'] . "\n";
        echo "    Time: " . $row['Time'] . "\n";
        echo "Timezone: " . $row['Timezone'] . "\n";
        echo "  Active: " . $row['Active'] . "\n";
        echo "\n";
    }
}
catch(PDOException $exception)
{
    echo $exception->getMessage();
}

seek("Alice");

echo "\n\n";

seek("Mark");


$db = NULL;

?>
4

1 回答 1

1

有人告诉我我应该删除绑定上的类型。我做到了,它有效:)

感谢任何阅读它的人。

这是完整的工作示例。

<?php

error_reporting(E_ALL);
date_default_timezone_set('Europe/Helsinki');
ini_set('default_charset', 'UTF-8');
mb_internal_encoding("UTF-8");
header('Content-Type: text/html; charset=UTF-8');

$timezone = date('Z');
$db = '';

// ---

//
// adds a user in the db with a prepared statement
//

function add_user1($name, $pass)
{
    global $timezone;
    global $db;

    $time = time();

    try
    {
        $statement = "INSERT INTO Users (Username, Password, Time, Timezone, Active)     VALUES     (:Username,:Password,:Time,:Timezone,:Active);";    
        $query = $db->prepare($statement);
        $query->bindValue(':Username', $name);
        $query->bindValue(':Password', $pass);
        $query->bindValue(':Time', $time);
        $query->bindValue(':Timezone', $timezone);
        $query->bindValue(':Active', '1');
        $ok = $query->execute();
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
}

//
// adds a user in the db with a direct execution
//

function add_user2($name, $pass)
{
    global $timezone;
    global $db;

    $time = time();

    try
    {
        $db->exec('INSERT INTO Users (Username, Password, Time, Timezone, Active) VALUES ("'     .     $name . '", "' . $pass . '", ' . $time . ', ' . $timezone . ', 1);');
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
}

//
// seeks a password for a given username
//

function seek($user)
{
    global $timezone;
    global $db;

    try
    {
        // previous tests showed that this doesn't work on all cases
        $result = $db->query('SELECT Password FROM Users WHERE Username="'. $user . '"');
        foreach ($result as $row)
        {
            $password = $row['Password'];
            echo "search through SQLite: password for $user is $password\n";
        }

        $result = $db->query("SELECT * FROM Users");
        foreach($result as $row)
        {
            $username = $row['Username'];
            $password = $row['Password'];

            if ($username == $user)
            {
                echo " search through array: password for $username is $password";
                break;
            }
        }
    }
    catch(PDOException $exception)
    {
        echo $exception->getMessage();
    }
}

// ---

echo "<pre>\n";

try
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
                                                                                                                                                                    $db->exec("CREATE             TABLE                 IF                 NOT                         EXISTS                 Users                 (Id                 INTEGER         PRIMARY     KEY,         Username     TEXT     UNIQUE     NOT NULL, Password TEXT NOT NULL, Time INTEGER UNIQUE NOT NULL, Timezone INTEGER NOT NULL, Active BOOLEAN NOT NULL);");
}
catch(PDOException $exception)
{
    echo $exception->getMessage();
}

add_user1("Bob", "cat");
sleep(1);
add_user1("Mark", "dog");
sleep(1);
add_user2("John", "mouse");
sleep(1);
add_user2("Alice", "rodent");

try
{
    $result = $db->query('SELECT * FROM Users');
    foreach ($result as $row)
    {
        echo "      Id: " . $row['Id'] . "\n";
        echo "Username: " . $row['Username'] . "\n";
        echo "Password: " . $row['Password'] . "\n";
        echo "    Time: " . $row['Time'] . "\n";
        echo "Timezone: " . $row['Timezone'] . "\n";
        echo "  Active: " . $row['Active'] . "\n";
        echo "\n";
    }
}
catch(PDOException $exception)
{
    echo $exception->getMessage();
}

seek("Alice");

echo "\n\n";

seek("Mark");


$db = NULL;

?>
于 2013-07-03T14:19:16.427 回答