-1

我正在创建一个用于连接到我的数据库的类,但我不断收到一条消息,说我的 sql 语法有错误,当回显我得到的查询时SELECT id, username from :table where :row = :value,它似乎没有错误。

<?php 
    class db{
        protected $datab;
        public function __construct($username, $password, $host, $dbname, $options){
            try { 
                $this->datab = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options); 
            } 
            catch(PDOException $ex) { 
                die("Failed to connect to the database: " . $ex->getMessage()); 
            }
            $this->datab->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
            $this->datab->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); 
        }
        public function select($array, $table, $row, $value){
            $query = "SELECT";
            foreach($array as $val) {

                if ($val === end($array)){
                    $query.= " ".$val;
                    }else{
                    $query.= " ".$val.",";
                }
            }
            $query.=" FROM :table WHERE :row = :value";
            $query_params = array(
            ':table' => $table,
            ':row' => $row,
            ':value' => $value
            ); 
            echo $query; // SELECT id, username from :table where :row = :value
            try{ 
                $stmt = $this->datab->prepare($query); 
                $result = $stmt->execute($query_params); 
            } 
            catch(PDOException $ex) { 
                die("Failed to run query: " . $ex->getMessage()); 
            }
            $row = $stmt->fetch(); 
            return $row;
        }
    }
    $kit = new db("root", "", "localhost", "kit", array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'));
    $kit->select(array("id", "username"), "user", "username", "yusaf");

?>

错误信息:

Failed to run query: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user' where 'username' = 'yusaf'' at line 1

编辑

我投了反对票,请评论你为什么给我这个。我想我应该提到这只是为了学习目的,我实际上不会在应用程序中使用这个类,它没有意义。

4

3 回答 3

1

您不能使用 :table 或 :row 作为替换值,您必须知道表和列的名称。

SELECT id, username from :table where :row = :value

应该

SELECT id, username from tablename where columnname = :value

于 2013-08-02T08:28:51.353 回答
0

你这个select()功能完全没用。

看,您正试图为自己节省两个词,FROM 和 WHERE。作为交换,您将失去 SQL 的灵活性和可读性。对于有问题的语法糖来说,代价太大了。如果您需要订购怎么办?加入?复杂在哪里?更不用说你实际上是在混淆简单易读的 SQL。有这样的恩膏纯属无稽之谈。

它必须是什么:

   public function getRow($query, $params){
        $stmt = $this->datab->prepare($query); 
        return $stmt->execute($params)->fetch(); 
    }

所以它可以用作

$row = $kit->getRow("SELECT id, username FROM user WHERE username =?", array("yusaf"));
于 2013-08-02T08:44:31.723 回答
-1

替换将 :table 和 :row 替换为带引号的值,结果为:

SELECT id, username FROM 'user' WHERE 'username' = 'yusaf'

什么时候应该

SELECT id, username FROM user WHERE username = 'yusaf'

更改此行:

$query.=" FROM :table WHERE :row = :value";

至 :

$query.=" FROM `$table` WHERE `$row` = :value";
于 2013-08-02T08:34:51.713 回答