


When binding fields in a PDO prepared statement, a problem occurs.
I need to query the database, but both the field name and the field value are passed from the client, so the SQL statement is written like this:
<code>$sql = "select id from goods_type_attr where :field=:value and type_id=:type_id";
$this->stmt = $this->pdo->prepare($sql);
$this->stmt->execute($arr); // $arr supplies :field, :value and :type_id</code>
But the field name was also treated as a bound value in the end, and the resulting statement is select ... from xx where 'field' = ..., with ' instead of `, so no rows are found. How can I bind a field name?
Thank you everyone
Reply content:
Why should it be handled this way?
You can define an array, such as
<code>$fields = [ 'name' => 'name', 'type' => 'type' ];
// only keys present in the map can become a column name; an unknown key yields null
$field = $fields[$_GET['field']] ?? null;</code>
There will be no injection this way.
I personally suggest that you process all the fields you want to change separately, treat each as a variable assignment, and hand both the field names and the values to PDO in prepared-statement form.
It seems it isn't recognized.
<code>$sql = "select id from goods_type_attr where #field1#=:value and type_id=:type_id";
// the field name is spliced into the SQL text, not bound: $param_field must be validated before this line
$sql = str_replace("#field1#", $param_field, $sql);
$this->stmt = $this->pdo->prepare($sql);
$this->stmt->execute($arr);</code>
Khan, you are too rigid. The field names are processed separately, such as
<code>$field = str_replace('`', '', $field); // strip any backticks so the identifier quoting below cannot be closed early
$sql = "... `{$field}` = :fieldValue";</code>
In fact, usually the client cannot pass the field name directly, which is more dangerous. It is best to let the user choose from a drop-down box and resolve it in the background, such as
<code>$useableFields = array('f1', 'f2', 'f3');
$requestFieldNumber = (int) $_GET['field']; // index chosen in the drop-down
if (isset($useableFields[$requestFieldNumber])) {
    $selectedField = $useableFields[$requestFieldNumber];
} else {
    $selectedField = false; // not one of the allowed fields
}</code>
Binding can only bind values; field names you have to handle yourself.
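A complete version of the whitelist approach the replies describe, as an added example that is not from the thread: the client-supplied key is mapped to a column name through a fixed array, the identifier is quoted, and only the values are bound. It assumes an in-memory SQLite fixture standing in for the MySQL table; the function and constant names are made up.

```php
<?php
// Added example (not from the thread): whitelist the column name, bind the values with PDO.
// Uses an in-memory SQLite database with constructed rows so it runs stand-alone;
// the table and column names mirror the question (goods_type_attr, type_id).

// Map of client-supplied field keys to real column names. Only values from this
// map ever reach the SQL text, so the client cannot influence the identifier.
const ALLOWED_FIELDS = [
    'name' => 'name',
    'type' => 'type',
];

function findGoodsTypeAttrId(PDO $pdo, string $field, string $value, int $typeId): ?int
{
    if (!array_key_exists($field, ALLOWED_FIELDS)) {
        // Unknown field: refuse before any SQL is built, rather than falling back to a raw string.
        throw new InvalidArgumentException("Field not allowed: $field");
    }
    $column = ALLOWED_FIELDS[$field];
    // The identifier comes from our own whitelist, so quoting it with backticks is safe;
    // the values are bound as parameters and never spliced into the SQL string.
    $sql = "SELECT id FROM goods_type_attr WHERE `$column` = :value AND type_id = :type_id";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':value' => $value, ':type_id' => $typeId]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Constructed fixture so the example runs without a MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE goods_type_attr (id INTEGER PRIMARY KEY, name TEXT, type TEXT, type_id INTEGER)');
$pdo->exec("INSERT INTO goods_type_attr (id, name, type, type_id) VALUES (1, 'color', 'select', 7), (2, 'size', 'text', 7)");

var_dump(findGoodsTypeAttrId($pdo, 'name', 'size', 7));   // matching row
var_dump(findGoodsTypeAttrId($pdo, 'name', 'weight', 7)); // no matching row

try {
    // A real column that is not in the whitelist is still rejected.
    findGoodsTypeAttrId($pdo, 'type_id', '7', 7);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```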