1
我正在嘗試做一些PDO CRUD來學習一些PDO。我有一個關於bindParam的問題。這裏是我的更新方法現在:我真的需要bindParam嗎?
public static function update($conditions = array(), $data = array(), $table = '')
{
self::instance();
// Late static bindings (PHP 5.3)
$table = ($table === '') ? self::table() : $table;
// Check which data array we want to use
$values = (empty($data)) ? self::$_fields : $data;
$sql = "UPDATE $table SET ";
foreach ($values as $f => $v)
{
$sql .= "$f = ?, ";
}
// let's build the conditions
self::build_conditions($conditions);
// fix our WHERE, AND, OR, LIKE conditions
$extra = self::$condition_string;
// querystring
$sql = rtrim($sql, ', ') . $extra;
// let's merge the arrays into on
$v_val = array_values($values);
$c_val = array_values($conditions);
$array = array_merge($v_val, self::$condition_array);
$stmt = self::$db->prepare($sql);
return $stmt->execute($array);
}
我從所有的正確的價值觀?因此查詢看起來是這樣的:
UPDATE table SET this = ?, another = ? WHERE title = ? AND time = ?
,你可以看到我不使用bindParams而是我通過正確的順序($陣列)在正確的價值觀直接進入執行($陣列)的方法。這就像一個魅力工作,但它是安全的不使用bindParam在這裏?
如果不是,那我該怎麼做呢?
感謝來自瑞典
托比亞斯