In a particular method, if a variable is not supplied, I need to fall back to specific data in a table. Something like this:

    public function readDiscountsForCampaign(CD\Campaign $oCampaign, $iPricelistId = 0) {
        // do stuff
    }

So, if $iPricelistId === 0, I want the SQL query to retrieve the pricelist from channel.default_pricelist_id.
With PDO prepared statements you obviously cannot bind a table or column name to a parameter or value, so there are really only 2 options.
1: Insert the value into the query string, e.g.:
    public function readDiscountsForCampaign(CD\Campaign $oCampaign, $iPricelistId = 0) {
        // ensure the pricelist id is an integer
        $iPricelistId = (int) $iPricelistId;
        // create the string to insert into the SQL query string
        $sPricelistInsert = $iPricelistId ? $iPricelistId : "channel.default_pricelist_id";
        // SQL query string
        $sQuery = "SELECT ... all the select stuff here "
                . "WHERE pricelist.pricelist_id = {$sPricelistInsert}"; // <-- which will be either the (int) or channel.default_pricelist_id
        // do other stuff, run the query and return
    }
2: Use SQL IF in the WHERE condition

    public function readDiscountsForCampaign(CD\Campaign $oCampaign, $iPricelistId = 0) {
        // ensure the pricelist id is an integer
        $iPricelistId = (int) $iPricelistId;
        // SQL query string
        $sQuery = "SELECT ... all the select stuff here "
                . "WHERE pricelist.pricelist_id = IF(:pricelist_id > 0, :pricelist_id, channel.default_pricelist_id)";
        // bind ':pricelist_id' to $iPricelistId for the prepared statement
        $aBoundValues = array(':pricelist_id' => $iPricelistId);
        // then do other stuff, run the query and return
    }
---- EDIT: updated to include Tadman's third option ----
3: Build the query step by step and bind pricelist_id only when needed (in general this is better than option 1 because no value interpolation is required)

    public function readDiscountsForCampaign(CD\Campaign $oCampaign, $iPricelistId = 0) {
        // create an array of bound parameters/values
        $aBoundValues = array();
        // ensure the pricelist id is an integer
        $iPricelistId = (int) $iPricelistId;
        // SQL query string
        $sQuery = "SELECT ... all the select stuff here "
                . "WHERE pricelist.pricelist_id = ";
        // if we have a pricelist id ...
        if ($iPricelistId) {
            $sQuery .= ":pricelist_id";
            $aBoundValues[':pricelist_id'] = $iPricelistId;
        }
        // ... if not, fall back to the default from `channel`.`default_pricelist_id`
        else {
            $sQuery .= "channel.default_pricelist_id";
        }
        // do other stuff, run the query and return
    }
---- END EDIT ----
Now, which is the better option..? I would also like a reason ;)
Accepted answer
You need to build the query conditionally, then execute it with bound parameters. Do not use string substitution unless you really have no other choice; it is extremely dangerous.
For example, you can build the query incrementally:
    $sQuery = "SELECT ... WHERE pricelist.pricelist_id=";
    $bind = array();
    if (...) {
        $sQuery .= ":pricelist_id";
        $bind[':pricelist_id'] = $pricelist_id;
    } else {
        $sQuery .= "channel.default_pricelist_id";
    }

Then you can execute it using the $bind array as the values.
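The following is an added, self-contained version of option 3 (the approach the accepted answer recommends); it is not code from the question or the answer. It runs against an in-memory SQLite database so it can be executed offline. The schema, the sample rows, the discount and campaign columns, and the use of an integer campaign id in place of the CD\Campaign object are all assumptions made for this example; only pricelist.pricelist_id and channel.default_pricelist_id come from the question. The security-relevant point it demonstrates is that the only text ever concatenated into the SQL is a fixed column name chosen by the code, while every caller-supplied value goes through a bound parameter typed as PDO::PARAM_INT.

```php
<?php
// Added example, not from the original question or answer: option 3,
// conditional query construction with bound parameters, executed against
// an in-memory SQLite database. All table/column names except
// pricelist.pricelist_id and channel.default_pricelist_id are assumptions.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and sample rows (assumed for this example).
$pdo->exec('CREATE TABLE channel (channel_id INTEGER PRIMARY KEY, default_pricelist_id INTEGER NOT NULL)');
$pdo->exec('CREATE TABLE pricelist (pricelist_id INTEGER PRIMARY KEY, channel_id INTEGER NOT NULL, name TEXT NOT NULL)');
$pdo->exec('CREATE TABLE discount (discount_id INTEGER PRIMARY KEY, campaign_id INTEGER NOT NULL, pricelist_id INTEGER NOT NULL, percent INTEGER NOT NULL)');
$pdo->exec('INSERT INTO channel VALUES (1, 10)');
$pdo->exec("INSERT INTO pricelist VALUES (10, 1, 'retail'), (11, 1, 'wholesale')");
$pdo->exec('INSERT INTO discount VALUES (1, 42, 10, 5), (2, 42, 11, 20), (3, 99, 10, 50)');

/**
 * Return the discount rows for a campaign. When $iPricelistId is 0 the WHERE
 * clause compares against the channel's default pricelist column instead of
 * a bound value; the column name is a constant written here, never input.
 */
function readDiscountsForCampaign(PDO $pdo, int $iCampaignId, int $iPricelistId = 0): array
{
    $aBoundValues = [':campaign_id' => $iCampaignId];

    $sQuery = 'SELECT discount.discount_id, discount.percent, pricelist.name '
            . 'FROM discount '
            . 'JOIN pricelist ON pricelist.pricelist_id = discount.pricelist_id '
            . 'JOIN channel ON channel.channel_id = pricelist.channel_id '
            . 'WHERE discount.campaign_id = :campaign_id '
            . 'AND pricelist.pricelist_id = ';

    if ($iPricelistId > 0) {
        // Caller supplied a pricelist: it travels as a typed bound parameter.
        $sQuery .= ':pricelist_id';
        $aBoundValues[':pricelist_id'] = $iPricelistId;
    } else {
        // Fallback: a fixed column reference chosen by the code, not by the caller.
        $sQuery .= 'channel.default_pricelist_id';
    }

    $stmt = $pdo->prepare($sQuery);
    foreach ($aBoundValues as $sName => $iValue) {
        $stmt->bindValue($sName, $iValue, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Explicit pricelist 11 -> only the 20% wholesale discount for campaign 42.
$explicit = readDiscountsForCampaign($pdo, 42, 11);
assert(count($explicit) === 1 && (int) $explicit[0]['percent'] === 20);

// No pricelist -> channel.default_pricelist_id (10) -> only the 5% retail discount.
$fallback = readDiscountsForCampaign($pdo, 42);
assert(count($fallback) === 1 && (int) $fallback[0]['percent'] === 5);

print_r($explicit);
print_r($fallback);
```

Two practical notes. First, option 2 in the question uses the same named placeholder (:pricelist_id) twice; PDO only allows that when prepared-statement emulation is on, so on a MySQL connection with PDO::ATTR_EMULATE_PREPARES set to false that query fails to prepare, which is another reason to prefer the conditional build above. Second, the `(int)` cast in the question is still worth keeping at the boundary, but it is the bound parameter (not the cast) that keeps the value out of the SQL text; the cast only decides which of the two fixed query shapes is built.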
Regarding "php - Using a fallback value from a table with PDO bound parameters/values", a similar question can be found on Stack Overflow: https://stackoverflow.com/questions/21485818/