PHP PDO执行/准备似乎不工作

Question

<?php  
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ':login' AND user_pass=PASSWORD(':password')"); 
    $abc->bindParam(':login', $_POST['name']); 
    $abc->bindParam(':password', $_POST['pw']);  
    $abc->execute(); 
    echo $abc->rowCount(); 
    // the example above doesn't work rowCount is always 0 
    $abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = '?' AND user_pass=PASSWORD('?')"); 
    $abc->execute([$_POST['name'], $_POST['pw']]); 
    echo $abc->rowCount(); 
    // and again rowCount is always 0 
    $abc = $objpdo->query("SELECT * FROM testdb.users WHERE user = '".$_POST['name']."' AND user_pass=PASSWORD('".$_POST['pw']."')"); 
    echo $abc->rowCount(); 
    // this thing here is working 
?> 

预处理语句，我有我的代码似乎没有工作， 奇怪的是，当我尝试运行的查询（）无需准备，但只是直接将值传递给其工作的字符串。

请注意，我总是尝试使用现有用户/密码的代码。

Answer 1

占位符不需要引号，否则查询会将它们视为字符串而不是占位符。

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = :login AND user_pass=PASSWORD(:password)"); 

用相同的序号占位符（问号）：

$abc = $objpdo->prepare("SELECT * FROM testdb.users WHERE user = ? AND user_pass=PASSWORD(?)");