PHP PDO執行/準備似乎不工作

Question

<?php  
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ':login' AND user_pass=PASSWORD(':password')"); 
    $abc->bindParam(':login', $_POST['name']); 
    $abc->bindParam(':password', $_POST['pw']);  
    $abc->execute(); 
    echo $abc->rowCount(); 
    // the example above doesn't work rowCount is always 0 
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = '?' AND user_pass=PASSWORD('?')"); 
    $abc->execute([$_POST['name'], $_POST['pw']]); 
    echo $abc->rowCount(); 
    // and again rowCount is always 0 
    $abc = $objpdo->query("SELECT * FROM testdb.users WHERE user = '".$_POST['name']."' AND user_pass=PASSWORD('".$_POST['pw']."')"); 
    echo $abc->rowCount(); 
    // this thing here is working 
?> 

預處理語句，我有我的代碼似乎沒有工作， 奇怪的是，當我嘗試運行的查詢（）無需準備，但只是直接將值傳遞給其工作的字符串。

請注意，我總是嘗試使用現有用戶/密碼的代碼。

Answer 1

佔位符不需要引號，否則查詢會將它們視爲字符串而不是佔位符。

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = :login AND user_pass=PASSWORD(:password)"); 

用相同的序號佔位符（問號）：

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ? AND user_pass=PASSWORD(?)");