PDO bindParam 与执行

2021-12-26 00:00:00 php pdo

我经常看到使用 bindParambindValue 和 PDO 的代码.简单地将参数传递给 execute 是否会因任何原因而皱眉?

I often see code using bindParam or bindValue with PDO. Is simply passing arguments to execute frowned upon for any reason?

我知道 bindParam 实际上绑定到变量,并且您可以设置与 bind 方法绑定的参数类型,但是如果您只插入字符串怎么办?

I understand that bindParam actually binds to the variables and that you can set the type of parameter being bound with both bind methods, but what if you are only inserting strings?

$query = "SELECT col1 FROM t1 WHERE col2 = :col2 AND col3 = :col3 AND col4 = :col4";
$pdo->bindValue(':col2', 'col2');
$pdo->bindValue(':col3', 'col3');
$pdo->bindValue(':col4', 'col4');

我经常看到以上内容,但我个人更喜欢:

I often see the above, but personally I prefer:

$pdo->execute(array(':col2' => 'col2', ':col3' => 'col3', ':col4' => 'col4'));

它没有那么冗长,而且从视觉上看,让输入一起进入"查询对我来说更有意义.但是,我几乎没有看到它被使用过.

It is not as verbose and visually it makes more sense to me to have the inputs "going in" to the query together. However, I hardly ever see it used.

当您不必利用 bind 方法的特殊行为时,是否有理由更喜欢 bind 方法而不是将参数传递给 execute ?>

Is there a reason to prefer the bind methods over passing parameters to execute when you don't have to take advantage of the special behaviors of the former?

推荐答案

您可能会发现 bindParam 在您只想将变量引用绑定到查询中的参数时使用,但也许仍然需要对其进行一些操作,只需要在查询执行时计算的变量值.它还允许您执行更复杂的操作,例如将参数绑定到存储过程调用并将返回值更新到绑定变量中.

You might find bindParam used when you just want to bind a variable reference to a parameter in the query, but perhaps still need to do some manipulations on it and only want the value of the variable calculated at time of query execution. It also allows you to do more complex things like bind a parameter to a stored procedure call and have the returned value updated into the bound variable.

有关更多信息,请参阅bindParam 文档,bindValue 文档 和 执行文档.

For more, see the bindParam documentation, bindValue documentation and execute documentation.

例如

$col1 = 'some_value';
$pdo->bindParam(':col1', $col1);
$col1 = 'some_other_value';
$pdo->execute(); // would use 'some_other_value' for ':col1' parameter

bindValue 和将数组传递给 execute 的行为与参数值在该点固定并相应地执行 SQL 的方式大致相同.

bindValue and passing an array to execute behave in much the same way as the parameter value is fixed at that point and SQL executed accordingly.

遵循上面相同的示例,但使用 bindValue

Following the same example above, but using bindValue

$col1 = 'some_value';
$pdo->bindValue(':col1', $col1);
$col1 = 'some_other_value';
$pdo->execute(); // would use 'some_value' for ':col1' parameter

当直接在 execute 中传递值时,所有值都被视为字符串(即使提供了整数值).因此,如果您需要强制执行数据类型,则应始终使用 bindValuebindParam.

When passing values directly in execute all values are treated as strings (even if integer value is provided). So if you need to enforce data types, you should always use bindValue or bindParam.

我认为您可能会看到 bind*execute(array) 使用得更多,因为许多人认为在参数声明中显式定义数据类型是更好的编码实践.

I think you might see bind* used more than execute(array) as many consider it to be better coding practice to explicitly define data types in parameter declarations.

相关文章