开发者

Nice way to pass parameters to PDO

Positional parameters become a nightmare when dealing with more than 3 or 4 parameters. Named parameters are verbose. I'm thinking of doing this:

query("SELECT * FROM users WHERE username = ", $username, " AND password = ", $password开发者_如何学JAVA)

With dynamic parameters (using func_get_args()), every second one being transformed into a positional parameter.

I've never seen this before and wanted to know if anyone has done this before and why/why not?


Named parameters don't have to be verbose, at least not compared to positional parameters. You could use shortened versions that are still obvious:

$st = $dbh->prepare('SELECT * FROM users WHERE username = :u AND password = :p');
$st->bindValue(':u', $username);
$st->bindValue(':p', $password);
$st->execute();


It's a clever idea. The only problem I see is how to distinguish between SQL and passed-in variables. Unless you make an assumption that every second arg is a variable. I just think that assumption is fragile, and obfuscates things more than makes them clear.

Better way would probably be to use interpolation:

query("SELECT foo FROM bar WHERE id = #{id}",  array("id" => "23"));

Then write logic to interpolate these.


I don't think positional parameters are so bad... this is my favorite method:

function mysql_safe_string($value) {
    if(is_numeric($value))      return $value;
    elseif(empty($value))       return 'NULL';
    elseif(is_string($value))   return "'".mysql_real_escape_string($value)."'";
    elseif(is_array($value))    return implode(',',array_map('mysql_safe_string',$value));
}

function mysql_safe_query($format) {
    $args = array_slice(func_get_args(),1);
    $args = array_map('mysql_safe_string',$args);
    $query = vsprintf($format,$args);
    $result = mysql_query($query);
    if($result === false) echo '<div class="mysql-error"><strong>Error: </strong>',mysql_error(),'<br/><strong>Query: </strong>',$query,'</div>';
    return $result;
}

// example
$result = mysql_safe_query('SELECT * FROM users WHERE username=%s', $username);
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜