我有一个相当简单的查询,我想用我的PDO连接到远程MSSQL服务器。
SELECT BookingID, DriverID
FROM dbo.VehicleJobHistory
WHERE TimeJobRequired > "02/03/2013" AND VehicleID = $vid
当我编写没有任何变量的查询时,它可以完美地工作,但是一旦我尝试向查询添加变量,我就没有返回任何内容。我想是类型不匹配,但我不能肯定。
如果我改变$vid为"451",我得到我正在寻找的结果。
$vid = '451';
$myServer = "X";
$myUser = "X";
$myPass = "X";
$myDB = "X";
try {
# MS SQL Server and Sybase with PDO_DBLIB
$DBH = new PDO("dblib:host=$myServer;dbname=$myDB", $myUser, $myPass);
# creating the statement
$STH = $DBH->query('SELECT BookingID, DriverID FROM dbo.VehicleJobHistory WHERE TimeJobRequired > "02/03/2013" AND VehicleID = $vid');
# setting the fetch mode
$STH->setFetchMode(PDO::FETCH_OBJ);
# showing the results
while($row = $STH->fetch()) {
echo $row->BookingID . "/";
echo $row->DriverID ;
echo "<br>";
}
}
catch(PDOException $e) {
echo $e->getMessage();
}
# close the connection
$DBH = null;
echo "connection closed";
这是因为您的查询是在单引号字符串中定义的。变量$vid没有被插入到单引号字符串中,而是作为文字$vid传递,导致查询语法错误,因为它没有引号。在引号外加上双引号。
$STH = $DBH->query("SELECT BookingID, DriverID FROM dbo.VehicleJobHistory WHERE TimeJobRequired > '02/03/2013' AND VehicleID = $vid");
实际上,这应该用一个准备好的语句和bindParam()来代替VehicleID。
$stmt = $DBH->prepare("SELECT BookingID, DriverID FROM dbo.VehicleJobHistory WHERE TimeJobRequired > '02/03/2013' AND VehicleID = :vid");
if ($stmt) {
$stmt->bindParam(':vid', $vid);
$stmt->execute();
}
开始阅读PDO准备语句。如果您正在使用PDO,您应该确保您获得了它们的安全性好处。