-2
在PHP中,我想执行一个SQL查询,将SQL数组值与SQL语句一起传递。我无法做到这一点。带有SQL语句的PHP数组值
请考虑以下
$db = "mydatabase.sqlite";
$array = array(
"key1" => "value1",
"key2" => "value2",
"key3" => "value3"
);
try {
$dbhandle = new PDO("sqlite:$db");
$dbhandle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach ($array as $item) {
$timestamp =
$dbhandle->exec(
"INSERT OR REPLACE INTO table (field1, field2, field3)
VALUES ('$item['key1']', '$item['key2']', '$item['key3']')"
);
$dbhandle = NULL;
}
}
catch(PDOException $e) {
print "Exception : ".$e->getMessage()."\n";
}
如何表达的SQL语句?
技术上正确,但@CptNemo请使用预处理语句;使用例如'$ pdoStmt-> bindValue(':key1',$ item ['key1'])'在尊重DB数据类型的同时转义输入,并且您可以使用默认数组表示法... – feeela