PHP PDO:使用参数两次时参数号无效?
我有一个问题,当我使用位置参数两次时,我不能在PDO(PHP/MySQL)中使用SQL语句:
SELECT `ID` FROM `_LOGIN_` WHERE `LoginName` = :loginName AND `sha512`= SHA2(CONCAT(:pw, (SELECT `salt` FROM `_LOGIN_` WHERE `LoginName` = :loginName)), 512)
如您所见,我使用了两次":loginName"。因此出现以下错误消息:
PHP Fatal error: Uncaught PDOException: SQLSTATE[HY093]: Invalid parameter number in ...
我是否遗漏了什么,或者是否有其他方法准备语句,以便我可以多次使用参数?
下面是要复制的完整代码:
<!DOCTYPE html>
<html>
<head>
<title>pdo</title>
<meta charset = "utf-8" />
</head>
<body>
<h1>PDO Prepare</h1>
<!--
DB:
DROP DATABASE IF EXISTS `pdoTestDB`;
CREATE DATABASE `pdoTestDB`;
ALTER DATABASE `pdoTestDB` DEFAULT CHARACTER SET 'utf8' DEFAULT COLLATE 'utf8_general_ci';
CREATE TABLE `_LOGIN_` (
`ID` int(11) NOT NULL
,`LoginName` TEXT NOT NULL
,`SALT` varchar( 6) NOT NULL
,`sha512` varchar(128) NOT NULL
,`registerTS` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
,`lastLoginTS` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
, PRIMARY KEY (`ID`)
) ;
SELECT @SALT:=SUBSTRING(MD5(RAND()) FROM 1 FOR 6);
INSERT INTO `_LOGIN_`
(`ID`, `LoginName`, `salt`, `sha512` , `registerTS` ) VALUES
( 1, 'muma' , @SALT, SHA2(CONCAT('123', @SALT), 512), '2018-06-04' );
-->
<?php
$PDOcharset = 'utf8mb4';
// set data source name:
$dsn = "mysql:host=localhost;dbname=pdoTestDB;charset=$PDOcharset";
$opt = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO($dsn, "santisPHP", "123", $opt);
// the sql
$sql = "SELECT `ID` FROM `_LOGIN_` WHERE `LoginName` = :loginName AND `sha512`= SHA2(CONCAT(:pw, (SELECT `salt` FROM `_LOGIN_` WHERE `LoginName` = :loginName)), 512)";
$stmt = $pdo->prepare($sql);
$paramsAssoc = ['loginName' => "muma", 'pw' => "123"];
//echo $paramsAssoc;
var_dump($stmt);
var_dump($paramsAssoc);
$result = $stmt->execute($paramsAssoc);
$fetched = $stmt->fetch();
echo "stmt: ";
var_dump($stmt);
echo "<br />";
echo "result: ";
var_dump($result);
echo "<br />";
echo "fetched: ";
var_dump($fetched);
echo "<br />";
?>
</body>
</html>
解决方案
或者,您可以将设置更改为PDO::ATTR_EMULATE_PREPARES => true
。这将允许您通过在PDO本身(而不是在MySQL服务器上)准备语句来多次绑定相同的命名参数。
相关文章