Clarification on PDO and bindparam

I'm a newcomer to PDO and have to say that I like it so far but I am still a bit unstable on some of the calls that it uses and the documentation is not all that solid.

I am using a couple stored procedures and from what I understand about PDO, I am forced to use prepare for this. I am building a module that will store info about any errors that were caused by the user. I understand that bindParam will escape any quotes and clean the string before it's inserted into the database which is NOT what I want. I want to see the string as the user entered it for troubleshooting purposes. I have tried to forgo the bindparam calls but get errors about attempting to pass by reference. Is there a way that I can achieve this? Also open to suggestions. Thanks.


bindParam doesn't ‘escape’ or ‘clean’ anything as such. It sends the string you supply it with straight into the database layer, verbatim. Any ' character included in the string will end up as a ' character in the column in the database. That's the whole point of parameterisation: there are no ‘special characters’ to worry about.

If you are having problems with passing non-references to bindParam, I suggest using bindValue instead. Actually I'd pretty much recommend using that call all the time, because the reference-taking behaviour of bindParam (and mysqli_stmt_bind_param) is confusing and almost always unwanted.
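The behaviour described in the answer above, as an added example that is not part of the original question or answer. It assumes the `pdo_sqlite` driver and uses a constructed `error_log` table and constructed input; a plain `INSERT` stands in for the asker's stored procedure, since binding works the same way for any prepared statement.

```php
<?php
// Added example: constructed table and input, in-memory SQLite (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE error_log (id INTEGER PRIMARY KEY, user_input TEXT)');

// Constructed sample input full of characters that matter in SQL text.
$raw = "O'Reilly \"x\" \\ '); DROP TABLE error_log; --";

$insert = $pdo->prepare('INSERT INTO error_log (user_input) VALUES (:input)');

// bindValue() copies the value at bind time; literals and expressions are fine.
$insert->bindValue(':input', $raw, PDO::PARAM_STR);
$insert->execute();

// bindParam() binds the *variable* by reference: it is read at execute() time,
// so a change made after binding is what reaches the database.
$var = 'value at bind time';
$insert->bindParam(':input', $var, PDO::PARAM_STR);
$var = $raw . ' (changed after bind)';
$insert->execute();

// Passing a non-variable to bindParam() is the "pass by reference" error from
// the question; it is a fatal error, so the call is left commented out:
// $insert->bindParam(':input', 'a literal string');

$rows = $pdo->query('SELECT user_input FROM error_log ORDER BY id')
            ->fetchAll(PDO::FETCH_COLUMN);

// Row 1: stored byte-for-byte as supplied; nothing escaped or stripped.
if ($rows[0] !== $raw) {
    throw new RuntimeException('bindValue row differs from the input');
}
// Row 2: reflects the variable's value at execute(), not at bindParam().
if ($rows[1] !== $raw . ' (changed after bind)') {
    throw new RuntimeException('bindParam row does not reflect the late change');
}
// The bound text was treated as data, so the table still exists with 2 rows.
if (count($rows) !== 2) {
    throw new RuntimeException('unexpected row count');
}

foreach ($rows as $i => $stored) {
    echo ($i + 1), ': ', $stored, PHP_EOL;
}
```

Because the input is stored exactly as entered, any page that later displays these log rows should encode them on output, for example with `htmlspecialchars()`.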
