两点注意项:
1. 占位符 (?) 必须被用在整个值的位置,不需要引号等其它字符。
2. 参数按数组元素顺序依次传递给占位符。
<?php
/**
* PDO基于占位符的查询预处理
*
* @license Apache
* @author farwish <farwish(a)foxmail.com>
*/
$pdo = new \PDO('mysql:host=127.0.0.1;dbname=xxx;port=3306', 'root', 'xxx');
// LIKE 查询预处理
$param1 = "上海";
$sql1 = "select * from sys_city where city_name like ?";
$stmt1 = $pdo->prepare($sql1);
if ($stmt1->execute([
"%$param1%",
]) ) {
$res1 = $stmt1->fetchAll(\PDO::FETCH_ASSOC);
print_r($res1);
}
// IN 查询预处理
$param2 = [1,2,3];
$prepare = rtrim( str_pad('?', 2 * count($param2), ',?') , ',');
$sql2 = "select * from sys_city where city_id in($prepare)";
$stmt2 = $pdo->prepare($sql2);
if ($stmt2->execute($param2)) {
$res2 = $stmt2->fetchAll(\PDO::FETCH_ASSOC);
print_r($res2);
}
// 普通条件查询预处理
$param3 = "上海市";
$sql3 = "select * from sys_city where city_name = ?";
$stmt3 = $pdo->prepare($sql3);
if ($stmt3->execute([
$param3,
])) {
$res3 = $stmt3->fetchAll(\PDO::FETCH_ASSOC);
print_r($res3);
}